
List:       kde-games-devel
Subject:    Re: [Kde-games-devel] Re: KHighscore on multiple user systems
From:       Nicolas Hadacek <nicolas.hadacek () comcast ! net>
Date:       2003-05-12 2:54:14

> i have serious doubts that works. once you completely drop privileges
> with setgid() you can't reclaim them.

just rereading the man page for setgid, it seems you can reclaim the 
privileges on linux (if you are not sgid root) and such behaviour follows 
some part of the POSIX specs...

> you have to open the file rw in init() and drop privs afterwards. you
> don't need special permissions to do the locking and writing once you
> have the fd. just keep the file open all the time.
> alternatively you could play tricks with the saved gid (man setregid and
> setresgid), but things get system-specific then. additionally, holes in
> the setgid game would allow an attacker to operate with 'games'
> privileges; with the 'keep fd open variant' the worst system wide damage
> would be a messed up highscore list.

ok it looks better indeed and probably more portable (btw how portable is 
flock() ?). thanks for the comment, it's the kind of thing I was looking for 
:)

see you,
Nicolas