[Kde-games-devel] Re: KHighscore on multiple user systems

George Staikos staikos at kde.org
Mon May 12 17:14:23 BST 2003

On Sunday 11 May 2003 22:54, Nicolas Hadacek wrote:
> > i have serious doubts that works. once you completely drop privileges
> > with setgid() you can't reclaim them.
> just rereading the man page for setgid, it seems you can reclaim the
> privileges on linux (if you are not sgid root) and such behaviour follows
> some part of the POSIX specs...

  Dropping the gid gains you nothing because any buffer overflow anywhere in 
the game will allow the user to regain the gid.

  This has been discussed to death before.  Making KDE apps setuid/setgid is 
very dangerous.  Do not take this lightly.

George Staikos
KDE Developer				http://www.kde.org/
Staikos Computing Services Inc.		http://www.staikos.net/

More information about the kde-core-devel mailing list