[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: TR: [Kde-games-devel] KHighscore setuid?
From:       Charles Samuels <charles () kde ! org>
Date:       2001-05-06 16:05:57
[Download RAW message or body]

On Sunday 06 May 2001 06:52 am, Rolf Magnus wrote:
> On Wednesday 02 May 2001 20:38, Malte Starostik wrote:
> > Why need to run the program suid root *shrug* or suid games or something?
> > Wouldn't it suffice to make the chown the highscore dir to user root and
> > group games and make it group-writeable? No world-writeable directory
> > neccessary and any user that is a member of the games group could write
> > the highscores. Of course the games would need to care that any new
> > highscore files belong to that group and are writeable by it. Then a
> > configure option --games-group=foobar could specify the group to use.
>
> But then every user in the games group could modify his highscores
> manually, and he could fill the shared directory with garbage to make the
> disk full or just use it to work around a disk quota for his home dir.
So, you just use a "password" inside the game binary.  The game binary 
executes the setuid thingy, gives it the password, then says "charles got a 
score of 120."  The setuid thing then adds it to the db.

The password is gotten from the setuid thing on configure, and it's just a 
random string.


>
> >> Visit http://master.kde.org/mailman/listinfo/kde-devel#unsub to
> >> unsubscribe <<

-- 
Charles Samuels <charles@kde.org>
K Desktop Environment
"The people. Could you patent the sun?"
 -- Jonas E. Salk, when asked who owned the patent on his polio vaccine.

>> Visit http://master.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<

[prev in list] [next in list] [prev in thread] [next in thread]