Nethack 3.4.3 [PSARC/2008/172 FastTrack timeout 03/11/2008]
Alan Coopersmith
alan.coopersmith at sun.com
Wed Mar 5 08:38:53 PST 2008
Danek Duvall wrote:
> 2.1 Setgid "games"
>
> Thus I'm proposing the addition of a unix group dedicated to games,
> that the shared directory be owned by group "games", and that nethack
> be installed setgid "games". This allows users to be unable to
> manipulate these files except through nethack itself. Any exploits
> that might be possible through this minimal "privilege elevation" would
> be limited only to the contents of /var/games, which is ultimately of
> limited value to the system.
As a follow-on, the next round of GNOME LSARC cases should probably
switch to using the games group for their games as well, instead of
the "staff" group specified in LSARC/2002/401 for games high-score files.
--
-Alan Coopersmith- alan.coopersmith at sun.com
Sun Microsystems, Inc. - X Window System Engineering
More information about the opensolaris-arc
mailing list