On Tue, 15 Mar 2016, Raul Miller <rauldmil...@gmail.com> wrote:
> On Tue, Mar 15, 2016 at 3:04 PM, Kamil Cholewiński <harry6...@gmail.com> wrote:
>> I didn't suggest it to be enabled by default. Administrator's choice.
>> Users can spawn private instances. No more dangerous than installing
>> openarena-server from ports.
>>
>> Not a score daemon but a game server. If it's a simple daemon keeping
>> scores, it couldn't stop users from submitting any score they please and
>> thus cheating.
>
> How is a game server better security (or better anything) than setgid
> for these games?

setgid is setgid, you give unprivileged users an executable they can play
with. A daemon can open a descriptor to the score file at startup, chroot,
drop privileges, and only then start accepting connections.

> In my opinion:
>
> You'd basically have to rewrite everything from scratch to turn them
> into game servers. And, ok, that might make a fun project for someone
> with an MVC bent and an intense interest in game archeology, but the
> development/debugging issues here are daunting (and offer lots of
> potential for security holes).

Agree. Probably easier to write a couple of new, fun games from scratch.

> Meanwhile, if you trim that back to just a score server, you need to
> create a networked equivalent of setgid - maybe not a bad project in
> itself, but more opportunity for flaws.

I can't think of a way a networked setgid could ever be possible.
Ultimately it means the score server would have to somehow trust the input
from whichever program is sending the score.

Perhaps embed a signing key in the executable and chmod 111?
Infrastructural mess, keys would have to be different per each install.
Also not sure how to keep the user away from inspecting a core dump.

Perhaps there could be a way to let an unprivileged process exchange one
set of capabilities for another; like pledge, but a trade. "In exchange
for this cookie, I promise I will only ever write /var/games/scores".
Probably would end up having similar problems as setgid.

> But maybe you have some working code which shows otherwise? (Have you
> looked at how these games were implemented?)
>
> Thanks,
>
> --
> Raul
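
The startup order described in the reply above (open the score file descriptor, chroot, drop privileges, only then accept connections), shown in C as an added example that is not part of the original thread or of any game's source. The jail directory, the uid/gid values and the function names are assumptions; `/var/games/scores` is the path mentioned in the message.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Open the score file while still privileged, then confine the process.
 * Returns the descriptor, or -1 if any step fails. On -1 the caller must
 * exit: the process may be left only partly confined. */
int open_then_confine(const char *score_path, const char *jail,
                      uid_t uid, gid_t gid)
{
    int fd = open(score_path, O_WRONLY | O_APPEND | O_CLOEXEC);
    if (fd < 0)
        return -1;
    if (chroot(jail) != 0 || chdir("/") != 0 ||  /* cwd must be inside jail */
        setgroups(1, &gid) != 0 ||               /* drop supplementary groups */
        setgid(gid) != 0 || setuid(uid) != 0 ||  /* gid first, uid last */
        setuid(0) == 0) {                        /* regaining root must fail */
        close(fd);
        return -1;
    }
    return fd;
}

/* Append one "name<TAB>score" record with a single write(). Names with
 * control characters are rejected so a player cannot forge extra lines. */
int append_score(int fd, const char *name, unsigned long score)
{
    char line[128];
    if (name[0] == '\0' || strlen(name) > 32)
        return -1;
    for (const char *p = name; *p; p++)
        if ((unsigned char)*p < 0x20 || *p == 0x7f)
            return -1;
    int n = snprintf(line, sizeof line, "%s\t%lu\n", name, score);
    if (n < 0 || (size_t)n >= sizeof line)
        return -1;
    return write(fd, line, (size_t)n) == (ssize_t)n ? 0 : -1;
}

int main(void)
{
    /* Assumed jail and ids (placeholders); must be started as root. */
    int fd = open_then_confine("/var/games/scores", "/var/empty", 32767, 32767);
    if (fd < 0)
        return 1;   /* refuse to serve unconfined */
    /* The accept loop and game logic would start here, using only fd. */
    return close(fd);
}
```

After `open_then_confine` returns, the already-open descriptor is the only privileged resource the process still holds, which is the difference from a setgid binary that runs entirely under the user's control.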