[Sorry I missed your answer...] > On Tue, Nov 04, 2003 at 12:14:47AM +0100, Bill Allombert wrote: > > > So, I would like to know if one of you is willing to review toppler. > > I had a look at the two versions to hand, toppler 0.96 in stable, > and toppler-1.0.3 in unstable. Neither of these are installed setuid > upon my system.
Yes, I disabled the setgid bit before woody is released. > The only thing I'd want to look at properly are the file handling, if > the game is setgid it may be possible to read/write to files a normal > user shouldn't be able to access. That is also my concern. Toppler read/write a dotfile in the user home. > > Toppler could be made setgid games, but this was disabled with security > > concern with older version. Newer version have security fix, but I would > > like the advice of a security expert before reenabling it. > > Looking over the code the only difference would be a highscore > function, right? Could it be made setgid it's own group instead of > setgid(games)? Yes, the setgid is solely needed to maintain a global highscore file instead of a per-user highscore file. It can use it's own group. Thanks for your analysis. Cheers, Bill. [Please CC me on debian-security, thanks]
