Hi,
On 05/05/2011 11:20 AM, Vitaly Magerya wrote:
> Jon Dowland wrote:
>> I'd like to hear from some other distros to see who else does what before considering such a move.
> FWIW, the common practice on FreeBSD is to place game binaries into /usr/local/bin, static game data into /usr/local/share/<gamename>, and variable game data into /var/games/<gamename>. There are some exceptions, but this is how most ports work.
Interesting, if you s@/usr/local@/usr@ FreeBSD is doing the exact same thing as Fedora.
> As for /var data permissions, setgid binaries with group "games" are common (/var/games is owned by root:games); I don't think there's any effort to improve security above whatever the upstream offers.
Yes, in practice the discussed attack vector does not seem to be something which often gets used / security bugs get filed for (*). Still, I think it would be good to agree on a way to best harden setgid games, esp. for the mentioned wiki page with advice for upstreams of games.
*) Likely because there is lower hanging fruit for blackhats to abuse.
Regards,
Hans
> Yes, in practice the discussed attack vector does not seem to be something which often gets used / security bugs get filed for (*). Still, I think it would be good to agree on a way to best harden setgid games, esp. for the mentioned wiki page with advice for upstreams of games.
If you ask me, "open file, drop privileges" is a sensible thing to do, and pushing such patches upstream is even better, because it will instantly offer an increase in security for all the downstream users without any work on their part (even those who install programs manually will benefit).
(Other security concerns, like an exploitable game being able to read and write all of your home directory, are more of a pressing matter, though.)
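The "open file, drop privileges" pattern discussed above, as an added example written for this page (it is not code from the thread or from any Fedora/FreeBSD game). It assumes a game binary installed root:games mode 2755 whose score file lives under /var/games/<gamename>/ as in the layout described earlier; the path `/var/games/examplegame/scores` and the function names are made up for the illustration. The point it shows beyond the sentence above is that the drop has to be permanent (saved gid included) and has to be verified, and that it happens whether or not the open succeeded.

```c
/*
 * Added example (editor's illustration, not code from the thread or from
 * any Fedora/FreeBSD game): the "open file, drop privileges" pattern for
 * a game installed setgid with group "games".
 *
 * Assumptions (constructed for this example): the binary is mode 2755
 * root:games and the score file lives under /var/games/<gamename>/, as
 * in the layout described in the thread. The path in main() is made up.
 */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* for setregid() on glibc */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* Give up the setgid group permanently. Returns 0 when the process no
 * longer holds (and cannot regain) the privileged gid, -1 otherwise.
 * The regain check assumes an unprivileged caller, i.e. the normal case
 * of a player running the game. */
int drop_setgid(void)
{
    gid_t rgid = getgid();
    gid_t egid = getegid();

    if (rgid == egid)
        return 0;               /* not running setgid: nothing to drop */

    /* setregid() with a changed effective gid also overwrites the saved
     * set-group-ID (Linux, FreeBSD), so the privilege cannot be
     * re-acquired later with setegid(). A plain setgid() would leave the
     * saved gid in place for a non-root process. */
    if (setregid(rgid, rgid) != 0)
        return -1;

    /* Never trust the drop; verify that the old gid is gone for good. */
    if (setegid(egid) == 0)
        return -1;              /* it came back: refuse to continue */
    return getegid() == rgid ? 0 : -1;
}

/* Open the shared score file while still holding the games gid, then
 * drop it. Returns the fd, or -1 (errno set) if the open or the drop
 * failed. The drop is attempted whether or not the open succeeded. */
int open_scores_then_drop(const char *path)
{
    int fd = open(path, O_RDWR | O_CLOEXEC | O_NOFOLLOW);
    int open_errno = errno;

    if (drop_setgid() != 0) {
        if (fd >= 0)
            close(fd);
        errno = EPERM;
        return -1;
    }
    if (fd < 0)
        errno = open_errno;
    return fd;
}

int main(void)
{
    /* Hypothetical path; the package, not the game, should create it. */
    const char *scores = "/var/games/examplegame/scores";
    int fd = open_scores_then_drop(scores);

    if (fd < 0)
        perror(scores);
    else
        printf("scores open on fd %d, egid now %ld\n", fd, (long)getegid());
    /* From here on the game runs with the player's own gid only: a bug in
     * the game logic can still corrupt this one fd, but cannot touch other
     * files under /var/games. */
    return fd < 0 ? 1 : 0;
}
```

Only the score file descriptor survives the drop, so the rest of the game (rendering, input parsing, network code) runs with the player's own group. This does nothing about the other concern raised above, an exploited game reading and writing the player's home directory; that needs confinement of the kind SELinux provides rather than privilege dropping.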
On 05/06/2011 02:56 AM, Vitaly Magerya wrote:
>> Yes, in practice the discussed attack vector does not seem to be something which often gets used / security bugs get filed for (*). Still, I think it would be good to agree on a way to best harden setgid games, esp. for the mentioned wiki page with advice for upstreams of games.
> If you ask me, "open file, drop privileges" is a sensible thing to do, and pushing such patches upstream is even better, because it will instantly offer an increase in security for all the downstream users without any work on their part (even those who install programs manually will benefit).
> (Other security concerns, like an exploitable game being able to read and write all of your home directory, are more of a pressing matter, though.)
Perhaps a selinux policy could help here, at least for systems that have selinux enabled.
--Wart
On Fri, May 06, 2011 at 09:09:07 +0200, Hans de Goede <hdegoede@redhat.com> wrote:
> *) Likely because there is lower hanging fruit for blackhats to abuse.
Another issue is multiplayer games. Some games trust servers and clients that they really shouldn't. They really need to treat them as potential adversaries. I know for Wesnoth (when I was spending more time on it), there were a few of us worried about that kind of thing, but some other games seem to be very trusting of remotely supplied data. (You more or less have to trust it for playing the game, but you need to be sure you don't trust the data when it comes to system integrity.)
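An added example of the distinction drawn in the post above, written for this page (it is not code from the thread or from Wesnoth): a client parsing a server message that asks it to store a map file. The wire format, the message contents and all names are constructed for the illustration. The game has to trust the map data to play it; the parser makes sure the server cannot use the declared lengths to read past the buffer, or the map name to write outside the player's map directory.

```c
/*
 * Added example (editor's illustration, not code from the thread or from
 * Wesnoth): treat a server-supplied message as hostile before letting it
 * touch the filesystem. The wire format is a constructed stand-in:
 *   [u16 name_len][name][u32 data_len][data]
 * meaning "store `data` as map `name` in the player's map directory".
 * Game play has to trust the data; system integrity must not.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_NAME 64                /* sane cap on a map name */
#define MAX_DATA (1u << 20)        /* cap on a map payload (1 MiB) */

enum parse_result { PARSE_OK = 0, PARSE_TRUNCATED, PARSE_BAD_NAME, PARSE_TOO_BIG };

struct map_msg {
    char name[MAX_NAME + 1];       /* NUL-terminated, validated name */
    const unsigned char *data;     /* points into the received buffer */
    uint32_t data_len;
};

/* A name is safe only if it is a single path component made of a
 * conservative character set and does not start with '.', which rules
 * out "..", hidden files and separators ('/' and '\\' are not allowed). */
static int name_is_safe(const char *name, size_t len)
{
    if (len == 0 || len > MAX_NAME || name[0] == '.')
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '_' || c == '-' || c == '.';
        if (!ok)
            return 0;
    }
    return 1;
}

/* Parse one message. Every declared length is checked against the bytes
 * actually received before it is used; a lying server gets an error,
 * not an out-of-bounds read. */
enum parse_result parse_map_msg(const unsigned char *buf, size_t buf_len,
                                struct map_msg *out)
{
    size_t off = 0;

    if (buf_len < 2)
        return PARSE_TRUNCATED;
    uint16_t name_len = (uint16_t)((buf[0] << 8) | buf[1]);
    off = 2;
    if (name_len > buf_len - off)
        return PARSE_TRUNCATED;
    if (!name_is_safe((const char *)buf + off, name_len))
        return PARSE_BAD_NAME;
    memcpy(out->name, buf + off, name_len);  /* name_len <= MAX_NAME here */
    out->name[name_len] = '\0';
    off += name_len;

    if (buf_len - off < 4)
        return PARSE_TRUNCATED;
    uint32_t data_len = ((uint32_t)buf[off] << 24) | ((uint32_t)buf[off + 1] << 16) |
                        ((uint32_t)buf[off + 2] << 8) | (uint32_t)buf[off + 3];
    off += 4;
    if (data_len > MAX_DATA)
        return PARSE_TOO_BIG;
    if (data_len > buf_len - off)
        return PARSE_TRUNCATED;
    out->data = buf + off;
    out->data_len = data_len;
    return PARSE_OK;
}

/* Convenience for callers that only want the verdict. */
enum parse_result parse_verdict(const unsigned char *buf, size_t buf_len)
{
    struct map_msg m;
    return parse_map_msg(buf, buf_len, &m);
}

/* Constructed sample messages (not captured traffic). */
const unsigned char MSG_OK[] = { 0, 4, 'm', 'a', 'p', '1', 0, 0, 0, 3, 'a', 'b', 'c' };
const unsigned char MSG_TRAVERSAL[] = { 0, 7, '.', '.', '/', 'e', 'v', 'i', 'l', 0, 0, 0, 1, 'x' };
const unsigned char MSG_LYING_LEN[] = { 0x7f, 0xff, 'm', 'a', 'p' };   /* claims 32767 name bytes */
const unsigned char MSG_HUGE[] = { 0, 1, 'm', 0xff, 0xff, 0xff, 0xff }; /* claims 4 GiB of map data */

int main(void)
{
    static const char *verdict[] = { "ok", "truncated", "bad name", "too big" };
    printf("benign:    %s\n", verdict[parse_verdict(MSG_OK, sizeof MSG_OK)]);
    printf("traversal: %s\n", verdict[parse_verdict(MSG_TRAVERSAL, sizeof MSG_TRAVERSAL)]);
    printf("lying:     %s\n", verdict[parse_verdict(MSG_LYING_LEN, sizeof MSG_LYING_LEN)]);
    printf("huge:      %s\n", verdict[parse_verdict(MSG_HUGE, sizeof MSG_HUGE)]);
    return 0;
}
```

The same shape applies on the server side for client-supplied data: the peer may be allowed to decide what the map looks like, but never where it is written or how many bytes the receiver will read.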