From kde-games-devel  Mon May 12 02:54:14 2003
From: Nicolas Hadacek <nicolas.hadacek () comcast ! net>
Date: Mon, 12 May 2003 02:54:14 +0000
To: kde-games-devel
Subject: Re: [Kde-games-devel] Re: KHighscore on multiple user systems
X-MARC-Message: https://marc.info/?l=kde-games-devel&m=105277073125283

> i have serious doubts that works. once you completely drop privileges
> with setgid() you can't reclaim them.

just rereading the man page for setgid, it seems you can reclaim the 
privileges on linux (if you are not sgid root) and such behaviour follows 
some part of the POSIX specs...

> you have to open the file rw in init() and drop privs afterwards. you
> don't need special permissions to do the locking and writing once you
> have the fd. just keep the file open all the time.
> alternatively you could play tricks with the saved gid (man setregid and
> setresgid), but things get system-specific then. additionally, holes in
> the setgid game would allow an attacker to operate with 'games'
> privileges; with the 'keep fd open variant' the worst system wide damage
> would be a messed up highscore list.

ok it looks better indeed and probably more portable (btw how portable is 
flock() ?). thanks for the comment, it's the kind of thing I was looking for 
:)

see you,
Nicolas
_______________________________________________
kde-games-devel mailing list
kde-games-devel@mail.kde.org
http://mail.kde.org/mailman/listinfo/kde-games-devel