[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: TR: [Kde-games-devel] KHighscore setuid?
From:       Rolf Magnus <ramagnus () zvw ! de>
Date:       2001-05-07 4:23:06
[Download RAW message or body]

On Monday 07 May 2001 00:44, Waldo Bastian wrote:
> Well, you don't want to have a large (KDE) application running suid, but a
> small simple (C/C++) program with a very specific task shouldn't be a
> problem if you write it carefully and do an audit.

There are two issues here. The first (very important) one is that it must not 
enable a user to do something bad to the system. The other one is that a user 
should not be able to cheat by manually overwriting his high scores. So you 
need to make sure the user cannot start the suid program himself to make his 
own entries.
 
>> Visit http://master.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<

[prev in list] [next in list] [prev in thread] [next in thread]