List:       kde-devel
Subject:    Re: TR: [Kde-games-devel] KHighscore setuid?
From:       Jeff Dickey <jdickey () seven-sigma ! com>
Date:       2001-05-06 20:07:40

OK, if you want a complete thermonuclear-overkill to the solution, how about 
this?

1. During install, a user 'gamescores' in group 'games' is added and a PGP or 
GPG key pair is created for that user.  A login directory (to hold the key 
file) is created, but a * password is assigned, to prevent logins (except 
su'ing from root, of course).  The home directory has permissions set 400.  
The login shell is disabled.
2. When the system starts, a daemon running with setuid 'gamescores' is 
started that every so often wakes up and checks for incoming mail.
3. When incoming mail is detected, each message is decrypted using the 
'gamescores' private key.  A successful decode yields a message with the user 
who got a new high score, the name of the game in question, and the score 
itself.  'gamescores' could then update the highscores database with a 
reasonable (healthy?) level of paranoia assuaged.

Known problems:
1.  Root could still hack around this with varying levels of destructiveness.
2.  It would require a massive rework of the existing highscores system.
3.  It requires YADDA (yet another daemon's disk activity) to be added to the 
system.  
4.  Don't we all have better things to be working on anyway? :-)

Just my $0.019974539705347 (damn Pentium bug!)

Jeff Dickey

On Sunday 06 May 2001 12:29, Waldo Bastian wrote:
> On Sunday 06 May 2001 09:05, Charles Samuels wrote:
> > On Sunday 06 May 2001 06:52 am, Rolf Magnus wrote:
> > > On Wednesday 02 May 2001 20:38, Malte Starostik wrote:
> > > > Why need to run the program suid root *shrug* or suid games or
> > > > something? Wouldn't it suffice to chown the highscore dir to
> > > > user root and group games and make it group-writeable? No
> > > > world-writeable directory necessary and any user that is a member of
> > > > the games group could write the highscores. Of course the games would
> > > > need to care that any new highscore files belong to that group and
> > > > are writeable by it. Then a configure option --games-group=foobar
> > > > could specify the group to use.
> > >
> > > But then every user in the games group could modify his highscores
> > > manually, and he could fill the shared directory with garbage to make
> > > the disk full or just use it to work around a disk quota for his home
> > > dir.
> >
> > So, you just use a "password" inside the game binary.
>
> Don't forget to make the binary chmod 444 in that case.
>
> > The game binary
> > executes the setuid thingy, gives it the password, then says "charles got
> > a score of 120."  The setuid thing then adds it to the db.
> >
> > The password is gotten from the setuid thing on configure, and it's just
> > a random string.
>
> I think it should be inserted during installation.
>
> Cheers,
> Waldo

-- 
Jeff Dickey
Seven Sigma Software and Services
mailto:jdickey@seven-sigma.com
Phone (425)885-6280
Alpha page: 4084289729.1281075@pagenet.net
MSN or Yahoo! IM: jeff_dickey
ICQ 8053918
"If you can't reach me by any of these, one of us is probably dead!"
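
The helper program discussed in this thread ("the setuid thing" that adds a score to the db), as an added C example that is not code from any poster or from KDE. It assumes the helper is installed setgid to a games group and that the score file already exists and is writable by that group; the function names, the line format and the score bound are hypothetical, and the shared-password check is not shown.

```c
#define _XOPEN_SOURCE 700
#include <ctype.h>
#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_SCORE 1000000000L   /* assumed sanity bound, not from the thread */

/* Game names: 1..32 chars of [A-Za-z0-9_-], so no path or line injection. */
int valid_game(const char *g) {
    size_t n = strlen(g);
    if (n == 0 || n > 32) return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)g[i]) && g[i] != '_' && g[i] != '-') return 0;
    return 1;
}

/* Build "game:user:score\n"; returns its length, or -1 if the entry is rejected. */
int format_entry(char *buf, size_t len, const char *game, const char *user, long score) {
    if (!valid_game(game) || score < 0 || score > MAX_SCORE) return -1;
    if (*user == '\0' || strpbrk(user, ":\n")) return -1;
    int n = snprintf(buf, len, "%s:%s:%ld\n", game, user, score);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

/* Open the score file using the setgid group, then give that group up for good. */
int open_scores_then_drop(const char *path) {
    int fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW);
    gid_t rgid = getgid();
    /* setregid(r, r) also resets the saved set-group-ID, so the drop is permanent. */
    if (setregid(rgid, rgid) != 0 || getegid() != rgid) {
        if (fd >= 0) close(fd);
        return -1;
    }
    return fd;
}

/* Record a score for the invoking user; the name comes from the real UID,
 * never from an argument the caller controls. */
int record_score(const char *path, const char *game, long score) {
    char line[128];
    struct passwd *pw = getpwuid(getuid());
    int fd = open_scores_then_drop(path);
    if (fd < 0) return -1;
    int n = pw ? format_entry(line, sizeof line, game, pw->pw_name, score) : -1;
    int ok = n > 0 && write(fd, line, (size_t)n) == n;
    close(fd);
    return ok ? 0 : -1;
}
```

The helper can vouch for who is submitting a score, but not that the score was actually earned in the game.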