Re: the setgid games mess
On Sat, Nov 28, 2009 at 06:37:27PM +0000, David Holland wrote:
> > chmod 664 works for unprivileged too. Whether or not it creates a
> > problem like "do all users share one group" is the relevant question.
> > I'd be careful about making assumptions in this area though.
> Well, yes, but one has to adjust GAMES_GROUP and GAMEMODE or install
> won't go, so changing the rest to be tidy seems like a good thing.
> Especially since mode 755/644 will work regardless, while 775/664
> might create a security gap.
Some parts of the logic in unprivileged can likely move into defaults/mk
or bsd.prefs.mk/bsd.pkg.mk. E.g. GAMES_GROUP and GAMES_USER certainly
should always end up in PKG_USERS_VARS / PKG_GROUPS_VARS for games.
In that case the logic will also override them with UNPRIVILEGED_GROUP
group if the user didn't explicitly specify something else (e.g. the
primary group of the user).
I don't have a problem with making the default mode for unprivileged
write-owner only; it might make sense to either have that depend on the
(non-)presence of UNPRIVILEGED_GROUP.GAMES_GROUP or have a separate
switch for that, though.