[prev in list] [next in list] [prev in thread] [next in thread]
List: debian-devel
Subject: Re: setuid/setgid binaries contained in the Debian repository.
From: Richard Braakman <dark () xs4all ! nl>
Date: 2003-08-18 22:14:33
[Download RAW message or body]
On Mon, Aug 11, 2003 at 08:50:28PM +0200, Emile van Bergen wrote:
> Nonsense. The only thing that can be 'owned' is the user's files and
> they cannot be written to by the game uid. Also, the game uid cannot run
> any process impersonating the user.
This might be true for text-based games, though even they could reprogram
the terminal in nasty ways. Games that use X11, however, will need
access to the user's X session, and that basically gives them free
reign. They'll be able to do fun things like listen to keypress events
or paste text into an open xterm.
If you do find a way to run graphical games in a separate uid, then let
me know -- I'll want to use that for my web browser :-)
Richard Braakman
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic