Mailinglist Archive: opensuse-packaging (120 mails)

[Schlomo Schapiro <schlomo.schapiro@xxxxxxxxxx>]

Hi,

Ludwig Nussel wrote:
> Schlomo Schapiro wrote:
> > Ludwig Nussel wrote:
> > > > Hmm, Ludwig, what about these permissions? Are they still needed?
> > > Well, you tell me :-) Those binaries are usually setgid games for
> > > writing shared highscore files in /var. I'd be happy to get rid of
> > > the setgid bits by default.
> > Could this not be also done via a suitable setup of the highscore directory 
> > with
> > ACLs and setgid on the directory? Make it group writeable for all users and 
> > make
> > sure that the default ACLs are set correctly?
>
> That wouldn't increase security. Those games are not written with
> security in mind so having access to highscore files could allow a
> local attacker to do nasty things. Best way would be to have the
> highscore files written via daemon.

I agree 100%. But my point was rather that I believe that the question of
multi-user high score files is not really that important to 99.999% of our users
and those, to whom it matters, surely will be able to deal with it adequately.

So that as a practical solution for openSUSE I would suggest to simply drop the
permissions and leave it to the interested admin to deal with the issue.

Regards,
Schlomo

-- 
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-packaging+help@xxxxxxxxxxxx