Standardizing various games packaging things across distros
Ludwig Nussel
ludwig.nussel at suse.de
Wed May 4 08:26:08 PDT 2011
Hans de Goede wrote:
> On 05/04/2011 10:39 AM, Ludwig Nussel wrote:
> > Hans de Goede wrote:
> > Another attack vector are packages (e.g. %post scripts) that do
> > things with group games owned files or directories. There's
> > potential to escalate to root by playing symlink tricks leading to
> > e.g. a chmod on /etc/shadow or something like that.
>
> Well there should simply be no %post scripts messing with these files,
Yeah, that's what I thought too before we found a package that had
such scripts :-) Could happen for example if the file got renamed.
> and rpm itself is smart enough to not fall for symlink attacks.
Unless a directory is involved...
> Also
> notice that my proposed fix, disallows the user to create a symlink in
> the first place, all he gets access to if he subverts the game is a
> filehandle to the rw opened score file.
No doubt that this is better than a game that runs setgid all the
time.
> > IMO the "global highscore" feature which actually is a "local
> > machine highscore" should simply not be enabled by default in distro
> > packages.
>
> I disagree, why disable a long standing feature of many of these games,
> esp. given that there have been very little security issues with this
> even though it has been common practice for ages..
Reducing the amount of setuid/setgid stuff is a long term goal, no
matter how safe it may seem in the individual case.
cu
Ludwig
--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
More information about the Games
mailing list