Hans de Goede wrote:
> On 05/04/2011 10:39 AM, Ludwig Nussel wrote:
> > Hans de Goede wrote:
> > Another attack vector are packages (e.g. %post scripts) that do
> > things with group games owned files or directories. There's
> > potential to escalate to root by playing symlink tricks leading to
> > e.g. a chmod on /etc/shadow or something like that.
>
> Well there should simply be no %post scripts messing with these files,

Yeah, that's what I thought too before we found a package that had
such scripts :-) Could happen for example if the file got renamed.

> and rpm itself is smart enough to not fall for symlink attacks.

Unless a directory is involved...

> Also
> notice that my proposed fix, disallows the user to create a symlink in
> the first place, all he gets access to if he subverts the game is a
> filehandle to the rw opened score file.

No doubt that this is better than a game that runs setgid all the
time.

> > IMO the "global highscore" feature which actually is a "local
> > machine highscore" should simply not be enabled by default in distro
> > packages.
>
> I disagree, why disable a long standing feature of many of these games,
> esp. given that there have been very little security issues with this
> even though it has been common practice for ages..

Reducing the amount of setuid/setgid stuff is a long term goal, no
matter how safe it may seem in the individual case.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
_______________________________________________
Games mailing list
Games@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/games
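
The pattern the thread compares against a game that "runs setgid all the time", sketched as an added example (not code from the thread or from any of the games discussed): open the score file while the setgid group is effective, then give the group up permanently so the rest of the game holds only the file handle. The function name and the sample path are hypothetical, and O_NOFOLLOW is extra hardening that the thread does not mention.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: call first thing in main(), before parsing any
 * user-controlled input. Returns an fd for the score file, or -1. */
int open_scores_and_drop(const char *path)
{
    /* Open while the setgid group is still effective. O_NOFOLLOW rejects a
     * symlink as the final path component (added hardening, an assumption). */
    int fd = open(path, O_RDWR | O_NOFOLLOW | O_CLOEXEC);

    /* Drop the group permanently: real, effective and saved gid all become
     * the invoking user's gid, so later code cannot switch back. */
    gid_t gid = getgid(), r, e, s;
    if (setresgid(gid, gid, gid) != 0 ||
        getresgid(&r, &e, &s) != 0 || r != gid || e != gid || s != gid)
        abort();                      /* never continue with privilege */

    if (fd < 0)
        return -1;                    /* play on without a shared score file */

    /* Only accept a regular file; a FIFO or device here is suspicious. */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    /* Constructed sample path; a real package would use its own location. */
    char path[] = "/tmp/scores-XXXXXX";
    int tmp = mkstemp(path);
    if (tmp < 0) return 1;
    close(tmp);

    int fd = open_scores_and_drop(path);
    printf("fd=%d egid==gid: %d\n", fd, getegid() == getgid());
    if (fd >= 0) close(fd);
    unlink(path);
    return fd >= 0 ? 0 : 1;
}
```

A subverted game process then holds an open handle to one regular file and no group games privilege, so it cannot create or replace anything in the score directory.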