[prev in list] [next in list] [prev in thread] [next in thread] 

List:       debian-devel
Subject:    Re: setuid/setgid binaries contained in the Debian repository.
From:       Richard Braakman <dark () xs4all ! nl>
Date:       2003-08-18 22:14:33
[Download RAW message or body]

On Mon, Aug 11, 2003 at 08:50:28PM +0200, Emile van Bergen wrote:
> Nonsense. The only thing that can be 'owned' is the user's files and
> they cannot be written to by the game uid. Also, the game uid cannot run
> any process impersonating the user. 

This might be true for text-based games, though even they could reprogram
the terminal in nasty ways.  Games that use X11, however, will need
access to the user's X session, and that basically gives them free
reign.  They'll be able to do fun things like listen to keypress events
or paste text into an open xterm.

If you do find a way to run graphical games in a separate uid, then let
me know -- I'll want to use that for my web browser :-)

Richard Braakman


-- 
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

[prev in list] [next in list] [prev in thread] [next in thread]