From kde-games-devel Mon May 12 06:15:36 2003 From: Oswald Buddenhagen Date: Mon, 12 May 2003 06:15:36 +0000 To: kde-games-devel Subject: [Kde-games-devel] Re: KHighscore on multiple user systems X-MARC-Message: https://marc.info/?l=kde-games-devel&m=105273301616048 On Sun, May 11, 2003 at 09:50:14AM -0600, Nicolas Hadacek wrote: > The complete procedure is: > > set "games" group id > open global file read only > flock it (if possible) > drop "games" group id > create a temporary file (in /tmp) and copy the global file in it > create a KSimpleConfig on the temp file > ... > write new highscores data > ... > commit changes to the temporary file > set "games" gid > truncate global file > copy temporary file to global file > drop "games" gid > remove temporary file > unlock global file > i have serious doubts that works. once you completely drop privileges with setgid() you can't reclaim them. you have to open the file rw in init() and drop privs afterwards. you don't need special permissions to do the locking and writing once you have the fd. just keep the file open all the time. alternatively you could play tricks with the saved gid (man setregid and setresgid), but things get system-specific then. additionally, holes in the setgid game would allow an attacker to operate with 'games' privileges; with the 'keep fd open variant' the worst system wide damage would be a messed up highscore list. greetings -- Hi! I'm a .signature virus! Copy me into your ~/.signature, please! -- Chaos, panic, and disorder - my work here is done. _______________________________________________ kde-games-devel mailing list kde-games-devel@mail.kde.org http://mail.kde.org/mailman/listinfo/kde-games-devel