[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: [Kde-games-devel] Re: KHighscore on multiple user systems
From:       George Staikos <staikos () kde ! org>
Date:       2003-05-12 16:14:23
[Download RAW message or body]

On Sunday 11 May 2003 22:54, Nicolas Hadacek wrote:
> > i have serious doubts that works. once you completely drop privileges
> > with setgid() you can't reclaim them.
>
> just rereading the man page for setgid, it seems you can reclaim the
> privileges on linux (if you are not sgid root) and such behaviour follows
> some part of the POSIX specs...

  Dropping the gid gains you nothing because any buffer overflow anywhere in 
the game will allow the user to regain the gid.

  This has been discussed to death before.  Making KDE apps setuid/setgid is 
very dangerous.  Do not take this lightly.

-- 
George Staikos
KDE Developer				http://www.kde.org/
Staikos Computing Services Inc.		http://www.staikos.net/

[prev in list] [next in list] [prev in thread] [next in thread]