Date:      Wed, 8 Mar 2000 01:04:01 -0800 (PST)
From:      Kris Kennaway <kris@hub.freebsd.org>
To:        Satoshi - Ports Wraith - Asami <asami@freebsd.org>
Cc:        security@freebsd.org, ports@freebsd.org
Subject:   Re: cvs commit: ports/games/omega Makefile (fwd)
Message-ID:  <Pine.BSF.4.21.0003080057080.78831-100000@hub.freebsd.org>
In-Reply-To: <vqcd7p5j13g.fsf@silvia.hip.berkeley.edu>

On 8 Mar 2000, Satoshi - Ports Wraith - Asami wrote:

>  * A user who exploits a game binary to get the games group probably can't do
>  * much apart from alter game score/save files (although this still might be
>  * a security risk if you can convince the game to somehow execute code you
>  * put in the file), whereas if they have setuid games they can trojan the
>  * binary directly for the next user.
> 
> This should not be allowed to happen.  Shouldn't all binaries be
> installed without write permission?  That's the way it is in /usr,
> maybe we should mandate it in /usr/local and /usr/X11R6.  (Hmm, why
> does imake config files want to install stuff with permission *755?)

It wouldn't help: if the binary is setuid games but not owner-writable,
the games user can still change permissions and replace it (or any other
games-owned binary) because he owns the file. Using setgid instead of
setuid solves this, as long as no binaries are games _group_ writable (on
my machine nothing except for save files is).

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>
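
The check the reply above implies, as an added example that is not part of the original message or of the FreeBSD ports tree: it flags binaries the games uid owns (setuid or not) and games-group executables that are group-writable. The function names and the default root `/usr/local` are assumptions made for illustration.

```python
import grp
import os
import pwd
import stat
import sys


def classify(mode, uid, gid, games_uid, games_gid):
    """Findings for one regular file from its st_mode, st_uid and st_gid."""
    findings = []
    executable = bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    if uid == games_uid and mode & stat.S_ISUID:
        # Runs as its owner, and the owner can chmod and replace the file
        # even when the owner write bit is clear.
        findings.append("setuid-owned-by-games")
    elif uid == games_uid and executable:
        # Any other games-owned binary is replaceable by that uid too.
        findings.append("executable-owned-by-games")
    if gid == games_gid and executable and mode & stat.S_IWGRP:
        # setgid is only safe while the group cannot write to binaries.
        findings.append("group-writable-executable")
    return findings


def audit(root, games_uid, games_gid):
    """Walk root and return (path, findings) for every flagged regular file."""
    flagged = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow symlinks out of the tree
            if not stat.S_ISREG(st.st_mode):
                continue
            found = classify(st.st_mode, st.st_uid, st.st_gid, games_uid, games_gid)
            if found:
                flagged.append((path, found))
    return flagged


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/usr/local"
    try:
        uid, gid = pwd.getpwnam("games").pw_uid, grp.getgrnam("games").gr_gid
    except KeyError:
        sys.exit("no 'games' user or group on this system")
    for path, found in audit(root, uid, gid):
        print(path, ",".join(found))
```

A root-owned binary that is setgid games with mode 2755 produces no finding, which is the arrangement the reply recommends; group-writable save files are ignored because they are not executable.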


