tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: the setgid games mess

On Sat, Nov 28, 2009 at 06:37:27PM +0000, David Holland wrote:
>  > chmod 664 works for unprivileged too. Whether or not it creates a
>  > problem like "do all users share one group" is the relevant question.
>  > I'd be careful about making assumptions in this area though.
> Well, yes, but one has to adjust GAMES_GROUP and GAMEMODE or install
> won't go, so changing the rest to be tidy seems like a good thing.
> Especially since mode 755/644 will work regardless, while 775/664
> might create a security gap.

Some parts of the logic in unprivileged can likely move into defaults/mk
or E.g. GAMES_GROUP and GAMES_USER certainly
should always end up in PKG_USERS_VARS / PKG_GROUPS_VARS for games.

In that case the logic will also override them with UNPRIVILIGED_GROUP
group if the user didn't explicitly specify something else (e.g. the
primary group of the user).

I don't have a problem with making the default mode for unprivileged
write-owner only, it might make sense to either depend on that the
(not-)presence on UNPRIVLIEGED_GROUP.GAMES_GROUP or have a separate
switch for that though.


Home | Main Index | Thread Index | Old Index