On Thu, May 5, 2011 at 10:58, Hans de Goede <hdego...@redhat.com> wrote:
> With Bas' approach every game binary (or rather the sources it is build > from) still needs to be patches to use the passed in fd, rather then trying > to open the highscore file itself. Correct. This is inevitable unless upstreams adopt either patch. > As for auditing: > 1) The highscore parsing code should still be audited in either case, since > someone subverting the game will still be able to write malicious content > to it in either case Correct, but that still means fewer places to audit. > 2) The rest of the code will be a simple standardizes snippet directly at > the start of main, and once control is passed this snippet all elevated > rights are permanently gone, see here for the snippet Fedora is using: > http://fedoraproject.org/wiki/SIGs/Games/Packaging The other approach would also result in one single snippet (unless I am forgetting something)? Richard _______________________________________________ Games mailing list Games@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/games
