tech-security: Re: /usr/games - group writable or not?

Subject: Re: /usr/games - group writable or not?
To: Bruce Barnett <barnett@grymoire.crd.ge.com>
From: Jon Ribbens <jon@oaktree.co.uk>
List: tech-security
Date: 11/19/1997 15:11:16

Bruce Barnett <barnett@grymoire.crd.ge.com> wrote:
> >Anyway, most of the games should be easy to convert to setgid games. Just
> >make /var/games 775, eg.
> 
> I disagree, and no one else has. Let me explain.
> 
> If the games directory is group writable, then any setgid to games
> program could replace one of the files in this directory (a trojan
> horse attack).

The saved games directory (/var/games) is not the same as the games
binaries directory (/usr/games). /usr/games should be root:wheel 755.
/var/games should be root:games 775.

Cheers


Jon
____
\  //    Jon Ribbens    // 100MB virtual-hosted // www.oaktree.co.uk
 \// jon@oaktree.co.uk //  web space for 99UKP //