On Wed, Dec 11, 2002 at 11:07:11AM +0900, Oohara Yuuma wrote:
> I am working on adding a high score list to a game written in C.
> (It's already packaged.) The high score list will be 664 root:games
> and the game binary will be sgid games --- nothing special here.
> I want to dump and undump the list. Allowing everyone to undump
> the list will lead to cheating or even security problems, so I want to
> make sure that only the superuser may undump. Since the binary is
> sgid, some check is necessary before trying to write the list.
>
> The problem is that there is fakeroot. getuid() == 0 or
> geteuid() == 0 is not enough. PAM is an overkill.
> I think seteuid(0) == 0 is the best approach.
> Any opinion?
It shouldn't be possible [0] to preload libraries for set[ug]id
executables, so fakeroot shouldn't be able to work.
A simple test / demonstration: compile this source:
--- begin uid.c ---
int main () {
printf ("uid %i euid %i\n", getuid(), geteuid());
return 0;
}
--- end uid.c ---
then:
$ gcc -o uid uid.c
$ su
Password:
# chgrp games uid
# chmod 2555 uid
# exit
$ ls -al uid
-r-xr-sr-x 1 waoki games 5254 Dec 11 01:59 uid
$ id
uid=1000(waoki) gid=1000(waoki)
groups=1000(waoki),4(adm),20(dialout),24(cdrom),29(audio),16(mol)
$ ./uid
uid 1000 euid 1000
$ fakeroot id
uid=0(root) gid=0(root)
groups=1000(waoki),4(adm),20(dialout),24(cdrom),29(audio),16(mol)
$ fakeroot ./uid
./uid: error while loading shared libraries: libfakeroot.so.0: cannot open
shared object file: No such file or directory
$
[0] there is an exceptional case - see the ld.so manpage - but it
dosen't apply here.
--
William Aoki [EMAIL PROTECTED] /"\ ASCII Ribbon Campaign
B1FB C169 C7A6 238B 280B <- key change \ / No HTML in mail or news!
99AF A093 29AE 0AE1 9734 prev. expired X
/ \
