Re: the setgid games mess

To: tech-pkg%netbsd.org@localhost
Subject: Re: the setgid games mess
From: Joerg Sonnenberger <joerg%britannica.bec.de@localhost>
Date: Sat, 28 Nov 2009 19:49:16 +0100

On Sat, Nov 28, 2009 at 06:37:27PM +0000, David Holland wrote:
>  > chmod 664 works for unprivileged too. Whether or not it creates a
>  > problem like "do all users share one group" is the relevant question.
>  > I'd be careful about making assumptions in this area though.
> 
> Well, yes, but one has to adjust GAMES_GROUP and GAMEMODE or install
> won't go, so changing the rest to be tidy seems like a good thing.
> Especially since mode 755/644 will work regardless, while 775/664
> might create a security gap.

Some parts of the logic in unprivileged can likely move into defaults/mk
or bsd.prefs.mk/bsd.pkg.mk. E.g. GAMES_GROUP and GAMES_USER certainly
should always end up in PKG_USERS_VARS / PKG_GROUPS_VARS for games.

In that case the logic will also override them with UNPRIVILIGED_GROUP
group if the user didn't explicitly specify something else (e.g. the
primary group of the user).

I don't have a problem with making the default mode for unprivileged
write-owner only, it might make sense to either depend on that the
(not-)presence on UNPRIVLIEGED_GROUP.GAMES_GROUP or have a separate
switch for that though.

Joerg

References:
- the setgid games mess
  - From: David Holland
- Re: the setgid games mess
  - From: Joerg Sonnenberger
- Re: the setgid games mess
  - From: David Holland
- Re: the setgid games mess
  - From: Joerg Sonnenberger
- Re: the setgid games mess
  - From: David Holland

Prev by Date: Re: the setgid games mess
Next by Date: daily pkgsrc CVS update output
Previous by Thread: Re: the setgid games mess
Next by Thread: daily pkgsrc CVS update output
Indexes:

Home | Main Index | Thread Index | Old Index