Standardizing various games packaging things across distros
Michael Thomas
wart at kobold.org
Fri May 6 18:35:12 UTC 2011
On 05/06/2011 02:56 AM, Vitaly Magerya wrote:
>> Yes, in practice the discussed attack vector does not seem something
>> which often gets used / security bugs get filed for (*). Still I think
>> it would be good to agree on a way to best harden setgid games games,
>> esp. for the mentioned wiki page with advice for upstreams for games.
>
> If you'd ask me, "open file, drop privileges" is a sensible thing to do,
> and pushing such patches upstream is even better, because it will
> instantly offer an increase in security for all the downstream users
> without any work on their part (even those who install programs manually
> will benefit).
>
> (Other security concerns, like an exploitable game being able to read
> and write all your home directory, are more of a pressing matter though).

Perhaps an SELinux policy could help here, at least for systems that have
SELinux enabled.
--Wart