Date: Wed, 8 Mar 2000 01:04:01 -0800 (PST)
From: Kris Kennaway
To: Satoshi - Ports Wraith - Asami
Cc: security@freebsd.org, ports@freebsd.org
Subject: Re: cvs commit: ports/games/omega Makefile (fwd)

On 8 Mar 2000, Satoshi - Ports Wraith - Asami wrote:

> * A user who exploits a game binary to get the games group probably can't do
> * much apart from alter game score/save files (although this still might be
> * a security risk if you can convince the game to somehow execute code you
> * put in the file), whereas if they have setuid games they can trojan the
> * binary directly for the next user.
>
> This should not be allowed to happen. Shouldn't all binaries be
> installed without write permission? That's the way it is in /usr,
> maybe we should mandate it in /usr/local and /usr/X11R6. (Hmm, why
> does imake config files want to install stuff with permission *755?)

It wouldn't help: if the binary is setuid games but not owner-writable,
the games user can still change permissions and replace it (or any other
games-owned binary) because he owns the file. Using setgid instead of
setuid solves this, as long as no binaries are games _group_ writable (on
my machine nothing except for save files is).

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe
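
The distinction drawn in the reply above can be checked on a host. This is an added example, not part of the original message: a Python audit that flags binaries setuid to the games account and executables writable by the games group, while leaving group-writable save files alone. The function names, the account and group name `games`, and the default directories are assumptions.

```python
import grp
import os
import pwd
import stat
import sys


def classify(mode, uid, gid, games_uid, games_gid):
    """Return the findings for one file, given its st_mode, st_uid, st_gid."""
    findings = []
    if not stat.S_ISREG(mode):
        return findings
    # Setuid to the games account: code running with that uid owns the file,
    # so it can chmod it writable and replace it, whatever the mode is now.
    if mode & stat.S_ISUID and uid == games_uid:
        findings.append("setuid-owner")
    # Setgid is only safe while no executable is writable by the games group.
    executable = mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)
    if executable and gid == games_gid and mode & stat.S_IWGRP:
        findings.append("group-writable-binary")
    return findings


def audit(root, games_uid, games_gid):
    """Walk root and map each flagged path to its list of findings."""
    flagged = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks
            found = classify(st.st_mode, st.st_uid, st.st_gid,
                             games_uid, games_gid)
            if found:
                flagged[path] = found
    return flagged


if __name__ == "__main__":
    # Assumed defaults: account and group both named "games".
    try:
        uid = pwd.getpwnam("games").pw_uid
        gid = grp.getgrnam("games").gr_gid
    except KeyError:
        sys.exit("no games user or group on this host")
    for root in sys.argv[1:] or ["/usr/games", "/usr/local/bin", "/usr/X11R6/bin"]:
        for path, found in sorted(audit(root, uid, gid).items()):
            print(path, ", ".join(found))
```

A setgid games binary owned by root with mode 2555 produces no finding, which is the layout the reply recommends.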