Standardizing various games packaging things across distros
Hans de Goede
hdegoede at redhat.com
Thu May 5 08:58:03 UTC 2011
Hi,
On 05/05/2011 10:46 AM, Richard Hartmann wrote:
> On Thu, May 5, 2011 at 10:32, Hans de Goede<hdegoede at redhat.com> wrote:
>
>> This approach is just as safe as yours, once
>> the rights have been unrevokably dropped, nothing bad can be done any
>> more other then what can be done through the fd.
>
> Not quite true as with Bas' approach there is exactly one binary that
> needs to be secured whereas with your approach every single game
> binary needs to be patched and audited.
With Bas' approach every game binary (or rather the sources it is build
from) still needs to be patches to use the passed in fd, rather then trying
to open the highscore file itself.
As for auditing:
1) The highscore parsing code should still be audited in either case, since
someone subverting the game will still be able to write malicious content
to it in either case
2) The rest of the code will be a simple standardizes snippet directly at
the start of main, and once control is passed this snippet all elevated
rights are permanently gone, see here for the snippet Fedora is using:
http://fedoraproject.org/wiki/SIGs/Games/Packaging
Regards,
Hans
More information about the games
mailing list