On Tue, Mar 15, 2016 at 3:52 PM, Kamil Cholewiński <harry6...@gmail.com> wrote:
> setgid is setgid, you give unprivileged users an executable they can
> play with.

... and a successful hack means that they can corrupt the score file.

> A daemon can open a descriptor to the score file at startup, chroot,
> drop privileges, and only then start accepting connections.

Which leads to:

> I can't think of a way a networked setgid could ever be possible.
> Ultimately it means the score server would have to somehow trust the
> input from whichever program is sending the score.

I can think of ways a networked setgid could be made to work, but each involves significant hassle and annoyance.

That said, I can think of another networked approach which should work fine for low volume use (but winds up being vulnerable to spam attacks - and of course is significantly more complicated than setgid).

But what's so bad about giving unprivileged users an executable they can play with, in this specific case?

Personally, I can think of more important things to worry about...

-- 
Raul
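The daemon ordering Kamil's quoted message describes (open the score file, chroot, drop privileges, only then accept input) as an added C sketch; this is example code written for this page, not anything from the thread's authors. The score file path, the jail directory, the uid/gid 65534 and the "name score" record format are assumptions. The chroot and setuid steps need root, so `confine_and_drop` is a no-op when run unprivileged, and the `demo_round_trip` self-check exercises only the descriptor-retention and record-writing parts.

```c
/* Added example, not from the thread: a score daemon that keeps a
 * descriptor to the score file across chroot and privilege drop.
 * Paths, ids and record format are assumptions for illustration. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Step 1: open the score file while the group privilege is still held.
 * The open descriptor survives both chroot and the uid/gid change. */
int open_score_file(const char *path)
{
    return open(path, O_WRONLY | O_APPEND | O_CLOEXEC);
}

/* Steps 2 and 3: confine the process, then drop privileges.
 * Only meaningful as root; returns 0 if nothing needed doing or the drop
 * succeeded, -1 on failure. Order matters: chroot needs root, so it comes
 * first; setgroups/setgid must precede setuid, since after setuid the
 * process can no longer change its groups. uid/gid must be non-zero. */
int confine_and_drop(const char *jail, gid_t gid, uid_t uid)
{
    if (geteuid() != 0)
        return 0;                       /* already unprivileged */
    if (chroot(jail) != 0 || chdir("/") != 0)
        return -1;
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    /* Verify the drop cannot be undone (real, effective and saved ids). */
    if (setuid(0) == 0 || setgid(0) == 0) return -1;
    return 0;
}

/* Step 4: append one record through the retained descriptor.
 * The name comes from an untrusted client, so it is length-limited and
 * reduced to printable ASCII before it reaches the file. Returns the
 * number of bytes written, or -1. */
ssize_t append_score(int fd, const char *name, long score)
{
    char clean[32];
    size_t n = 0;
    for (const char *p = name; *p && n < sizeof clean - 1; p++)
        if (*p >= 0x20 && *p < 0x7f)
            clean[n++] = *p;
    clean[n] = '\0';
    char line[64];
    int len = snprintf(line, sizeof line, "%s %ld\n", clean, score);
    if (len < 0 || (size_t)len >= sizeof line)
        return -1;
    return write(fd, line, (size_t)len);
}

/* Unprivileged self-check: write one record via a descriptor opened up
 * front, read it back, and confirm the newline in the client-supplied
 * name was stripped. Returns 1 on success, 0 otherwise. */
int demo_round_trip(void)
{
    char path[] = "/tmp/scoresXXXXXX";    /* constructed temp file */
    int tmp = mkstemp(path);
    if (tmp < 0) return 0;
    close(tmp);
    int fd = open_score_file(path);
    if (fd < 0) { unlink(path); return 0; }
    int wrote = append_score(fd, "alice\nbob", 1234) == 14;
    char buf[64] = {0};
    int rfd = open(path, O_RDONLY);
    ssize_t got = rfd < 0 ? -1 : read(rfd, buf, sizeof buf - 1);
    if (rfd >= 0) close(rfd);
    close(fd);
    unlink(path);
    return wrote && got == 14 && strcmp(buf, "alicebob 1234\n") == 0;
}

int main(void)
{
    int fd = open_score_file("/var/games/scores");   /* assumed path */
    if (fd < 0) { perror("open score file"); return 1; }
    if (confine_and_drop("/var/empty", 65534, 65534) != 0) {
        perror("confine_and_drop");
        return 1;
    }
    /* Only now would the daemon start accepting connections; one
     * hard-coded record stands in for a received score here. */
    return append_score(fd, "player", 42) < 0;
}
```

The point of the sequence is that, once `confine_and_drop` has returned, a compromised daemon holds nothing beyond the one append-only descriptor: no root, no group privilege, no view of the filesystem outside the jail. What it can still do is exactly what Raul's reply notes about the networked approach, namely send as many records as it likes, so the trust problem moves from the executable to the input.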