Hi, Ludwig Nussel wrote:
Schlomo Schapiro wrote:
Ludwig Nussel wrote:
Hmm, Ludwig, what about these permissions? Are they still needed? Well, you tell me :-) Those binaries are usually setgid games for writing shared highscore files in /var. I'd be happy to get rid of the setgid bits by default. Could this not be also done via a suitable setup of the highscore directory with ACLs and setgid on the directory? Make it group writeable for all users and make sure that the default ACLs are set correctly?
That wouldn't increase security. Those games are not written with security in mind so having access to highscore files could allow a local attacker to do nasty things. Best way would be to have the highscore files written via daemon.
I agree 100%. But my point was rather that I believe that the question of multi-user high score files is not really that important to 99.999% of our users and those, to whom it matters, surely will be able to deal with it adequately. So that as a practical solution for openSUSE I would suggest to simply drop the permissions and leave it to the interested admin to deal with the issue. Regards, Schlomo -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org