[Bug 19668] sgid problem
bugzilla-daemon at bugzilla.ubuntu.com
bugzilla-daemon at bugzilla.ubuntu.com
Sun Dec 4 08:50:30 UTC 2005
Please do not reply to this email. You can add comments at
http://bugzilla.ubuntu.com/show_bug.cgi?id=19668
Ubuntu | gnome-games
------- Additional Comments From abelcheung at gmail.com 2005-12-04 08:50 UTC -------
(in reply to comment #7)
> I don't understand the initial problem - why do the games suddently not work any
> more with sgid games?
Due to worries about security, gtk+ always disallow suid/sgid binaries to run.
gnome-games attempt to work around this by opening score files and immediately
dropping privilege. But due to recent change in score API dropping privilege is
not done (hope that's temporary), thus here comes the bug report.
> Games have always been setgid games, I did not hear about any problems with that
> and I don't have any objection against it. Of course every game can mess up the
> high scores of every other game, but oh well, that's not the end of the world.
This is highly impossible except software maintainer is changing code for some
programs to mess with other score files. But people messing score files to attempt
triggering buffer overflow can be a protential problem though.
(in reply to comment #6)
> 2) Change the group used. Creating a new, unique, group for gnome-games (e.g.
> gnomegames) is the best solution. You can change the group (and user) used via
> the --with-scores-group and --with-scores-user options to configure at compile
time.
Does this fix the problem that sgid binaries won't run?
--
Configure bugmail: http://bugzilla.ubuntu.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
More information about the desktop-bugs
mailing list