Date: 08 Mar 2000 01:26:49 -0800 From: asami@freebsd.org (Satoshi - Ports Wraith - Asami) To: Kris Kennaway <kris@hub.freebsd.org> Cc: security@freebsd.org, ports@freebsd.org Subject: Re: cvs commit: ports/games/omega Makefile (fwd) Message-ID: <vqcaek9izhi.fsf@silvia.hip.berkeley.edu> In-Reply-To: Kris Kennaway's message of "Wed, 8 Mar 2000 01:04:01 -0800 (PST)" References: <Pine.BSF.4.21.0003080057080.78831-100000@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
* From: Kris Kennaway <kris@hub.freebsd.org> * It wouldn't help: if the binary is setuid games but not owner-writable, * the games user can still change permissions and replace it (or any other * games-owned binary) because he owns the file. Using setgid instead of * setuid solves this, as long as no binaries are games _group_ writable (on * my machine nothing except for save files is). You're right, of course. Yes, setuid games are bad! Satoshi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?vqcaek9izhi.fsf>