Subject: Re: Removing dm(1)
To: Jason Thorpe, Curt Sampson <email@example.com>
From: Jake Hamby <firstname.lastname@example.org>
Date: 11/18/1997 13:39:55

Jason Thorpe wrote:
>The fact that a user has an euid of "games" gives them nothing more than
>the ability to run the games otherwise controlled by dm, and write high
>scores files. Worrying about whether or not a user has critical files
>writable by "games" is like worrying whether or not that user has
>critical files writable by "nobody", in my mind.
>
>If I have missed some important details, please enlighten me. But I'm
>not interested in rhetoric.

I think the issue is that the games themselves are owned by "games", so
that if the user can hack an euid of games, then they can replace the game
binaries with trojan horse versions. Then, the next time, for example,
that root runs "fortune", the user can gain a root shell.

Having the games setgid to games allows them to remain owned by bin or
root, preventing the clever hacker from being able to do worse than give
themselves a high score.
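
The ownership distinction discussed in this message can be checked mechanically. The following is an added example, not part of the original message or of NetBSD: a small audit that flags set-id executables which the identity they grant could rewrite. The function names, the default directory and the sample uid/gid values in the comments are assumptions made for illustration.

```python
import os
import stat
import sys

def self_replaceable(mode, owner_uid, group_gid):
    """Return the identities this file grants at exec time that could
    also rewrite the file. Works on raw stat fields (no filesystem access)."""
    findings = []
    if not stat.S_ISREG(mode):
        return findings
    # setuid: the process runs with euid == file owner. The owner can always
    # chmod and rewrite their own file, whatever the write bits say.
    # setuid-root is skipped: an attacker holding euid 0 needs no trojan.
    if mode & stat.S_ISUID and owner_uid != 0:
        findings.append(("euid", owner_uid))
    # setgid: the process runs with egid == file group. That only allows
    # rewriting the file if the group write bit is set.
    if mode & stat.S_ISGID and mode & stat.S_IWGRP:
        findings.append(("egid", group_gid))
    return findings

def audit(root):
    """Walk root and return (path, kind, id) for every flagged file.
    Directory permissions are not checked here; a directory writable by
    the granted id allows replacement by unlink and re-create."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable entry
            for kind, ident in self_replaceable(st.st_mode, st.st_uid, st.st_gid):
                hits.append((path, kind, ident))
    return hits

if __name__ == "__main__":
    # Constructed illustration: uid 7 / gid 13 stand in for "games".
    #   0o104555 owned by 7:13 -> flagged ("euid", 7)  (setuid games)
    #   0o102555 owned by 0:13 -> not flagged          (setgid games, root-owned)
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, kind, ident in audit(target):
        print(f"{path}: grants {kind}={ident}, which can rewrite the binary")
```
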