Schlomo Schapiro wrote:
Ludwig Nussel wrote:
Hmm, Ludwig, what about these permissions? Are they still needed?
Well, you tell me :-) Those binaries are usually setgid games for writing shared highscore files in /var. I'd be happy to get rid of the setgid bits by default.
Could this not be also done via a suitable setup of the highscore directory with ACLs and setgid on the directory? Make it group writeable for all users and make sure that the default ACLs are set correctly?
That wouldn't increase security. Those games are not written with security in mind so having access to highscore files could allow a local attacker to do nasty things. Best way would be to have the highscore files written via daemon. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org