Subject: Re: bin/4489: /usr/games/fish allows setuid games binaries to be created by unprivileged user
To: Jon Ribbens <jon@oaktree.co.uk>
From: Jason Thorpe <thorpej@nas.nasa.gov>
List: tech-security
Date: 11/18/1997 08:23:56
On Tue, 18 Nov 1997 15:22:10 +0000
Jon Ribbens <jon@oaktree.co.uk> wrote:
> IMHO the 'dm' system is completely broken. Preferably it should be abandoned
> completely. At the least, every single game needs 'setuid(getuid())' adding.
> Does anybody actually use the games-restriction facilities of 'dm'?
One thing the games do use their setuid privilege for is to write high
scores.
But, yes, the games could be made much safer, and the world would be
a better place for it.
Jason R. Thorpe thorpej@nas.nasa.gov
NASA Ames Research Center Home: +1 408 866 1912
NAS: M/S 258-6 Work: +1 650 604 0935
Moffett Field, CA 94035 Pager: +1 415 428 6939