Please do not reply to this email. You can add comments at
http://bugzilla.ubuntu.com/show_bug.cgi?id=19668

Ubuntu | gnome-games

------- Additional Comments From [EMAIL PROTECTED] 2005-12-06 18:51 UTC -------
(In reply to comment #8)
> Due to worries about security, gtk+ always disallow suid/sgid binaries to run.
> gnome-games attempt to work around this by opening score files and immediately
> dropping privilege.

... which is a very sensible approach and best practice in programs which start
with elevated privileges. :)

> > Games have always been setgid games, I did not hear about any problems with that
> > and I don't have any objection against it. Of course every game can mess up the
> > high scores of every other game, but oh well, that's not the end of the world.
>
> This is highly impossible except software maintainer is changing code for some
> programs to mess with other score files.

It's actually not that unlikely; if a user can exploit a buffer overflow or
similar (e.g. with a crafted saved game, or special input in the game itself, or
whatever), he could execute arbitrary code with the privileges of the game and
thus mess up all the score files. But this is harmless and uninteresting enough
that no actual exploit has ever been published :), so I am fine with leaving
things sgid.

> (in reply to comment #6)
> > 2) Change the group used. Creating a new, unique, group for gnome-games (e.g.
> > gnomegames) is the best solution. You can change the group (and user) used via
> > the --with-scores-group and --with-scores-user options to configure at compile
> > time.
>
> Does this fix the problem that sgid binaries won't run?

I don't see how. Whether the binary is sgid games or sgid gnomegames certainly
doesn't make a difference.
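The open-then-drop pattern discussed in this comment, as an added C example that is not gnome-games code and not part of the original message. The function names and the score path are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up the setgid group. Returns 0 on success, -1 on failure. */
int drop_group_privilege(void)
{
    gid_t rgid = getgid();
    gid_t old_egid = getegid();

    /* Setting both IDs with setregid() also overwrites the saved
     * set-group-ID. setgid() alone would leave the saved ID in place
     * for a non-root process, so the group could be regained later. */
    if (setregid(rgid, rgid) != 0)
        return -1;

    /* Verify the drop: switching back to the old group must now fail. */
    if (old_egid != rgid && setegid(old_egid) == 0)
        return -1;
    return (getgid() == rgid && getegid() == rgid) ? 0 : -1;
}

/* Open the score file first, drop privilege second. Returns an fd or -1. */
int open_scores_then_drop(const char *path)
{
    /* O_NOFOLLOW refuses a symlink planted at the score path. */
    int fd = open(path, O_RDWR | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0664);

    /* Drop even if open() failed: no later code may run with the group. */
    if (drop_group_privilege() != 0) {
        if (fd >= 0)
            close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    /* Hypothetical path; a real game would use its own scores directory. */
    int fd = open_scores_then_drop("/tmp/example-game.scores");
    printf("score fd=%d, rgid=%d, egid=%d\n", fd, (int)getgid(), (int)getegid());
    if (fd >= 0)
        close(fd);
    return fd >= 0 ? 0 : 1;
}
```

After the drop, code injected through a crafted saved game runs with the user's own group only; its reach into the scores is limited to the already-open descriptor.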
