On Sun, 25 Mar 2001, Karl J. Runge wrote:
> I'm building & installing some software that has a lot of games. Those
> game binaries are SGID 'games'. Evidently this is to allow updating of the
> game's corresponding "scores" file.
>
> Security and some practical considerations make me want to remove the suid
> bit (e.g. chmod 755) from the games binaries and just make world writable
> the "scores" file (e.g. chmod 666).
There is nothing inherently insecure about SUID or SGID programs. Indeed,
they can often be used to *improve* security, as in this case. If the files
were world-writable, it would be possible for others to tamper with them
directly. They could:

(1) Zero the file, removing the scores.
(2) Modify the file, changing the scores.
(3) Flood the file, filling the filesystem (DoS attack).
(4) With a poorly written game, they might be able to engineer a buffer
overflow that would result in a process take-over for the game.

If, on the other hand, the game is SUID to "games", they cannot directly
modify the file. Even if the file *was* somehow modified for #4, then the
process would be running as "games" and not the user who invoked it, limiting
damage.

SUID and SGID become a problem when they are indiscriminately applied to
programs owned by "root". Since security restrictions are largely ignored for
the superuser, this makes things less secure, not more.
> In my case this is a home lan where we trust everyone ...
Well, if you trust everyone, why worry about security at all? :-)
> .. but I'm curious about the general case, say in a business setting.
Heh heh -- in a business setting, you do "rm -rf /usr/games". ;-)
--
Ben Scott <[EMAIL PROTECTED]>
Net Technologies, Inc. <http://www.ntisys.com>
Voice: (800)905-3049 x18 Fax: (978)499-7839
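The least-privilege pattern the reply describes (a setgid game keeps the scores file updatable without making it world-writable, and a buggy game runs only as "games"), as an added example that is not from the original thread: a hypothetical scores writer that opens the file while the group privilege is still in effect, drops that privilege for good, and only then handles player-supplied data. The file path, the record format and the name-length limit are assumptions.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>

/* Give up the setgid ("games") privilege for good: real, effective and saved
 * group IDs all become the caller's real group. Returns 0 on success. */
int drop_group_privileges(void)
{
    gid_t real = getgid();
    if (setregid(real, real) != 0)
        return -1;
    /* Never trust the call alone: verify the effective group really changed. */
    return (getegid() == real) ? 0 : -1;
}

/* Reject player names that could forge or split records in the scores file
 * (assumed limit: 1..32 printable ASCII characters, no spaces or newlines). */
int valid_player_name(const char *name)
{
    size_t len = strlen(name);
    if (len == 0 || len > 32) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c <= ' ' || c >= 127) return 0;   /* control chars, space, DEL, non-ASCII */
    }
    return 1;
}

/* Open the scores file while the "games" group is still in effect, drop the
 * privilege, then append one "player score" record (assumed format).
 * Returns 0 on success, -1 on any failure. */
int record_score(const char *path, const char *player, long score)
{
    if (!valid_player_name(player)) return -1;
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT, 0664);
    if (fd < 0) return -1;
    if (drop_group_privileges() != 0) {     /* nothing untrusted touched yet */
        close(fd);
        return -1;
    }
    char line[64];
    int n = snprintf(line, sizeof line, "%s %ld\n", player, score);
    int ok = (n > 0 && (size_t)n < sizeof line && write(fd, line, (size_t)n) == n);
    close(fd);
    return ok ? 0 : -1;
}
```

Run as an ordinary user the group drop is a no-op that still succeeds; installed setgid games it ensures the parsing and writing code never holds the group privilege.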