[Kde-games-devel] Re: KHighscore on multiple user systems
George Staikos
staikos at kde.org
Mon May 12 17:14:23 BST 2003
On Sunday 11 May 2003 22:54, Nicolas Hadacek wrote:
> > i have serious doubts that works. once you completely drop privileges
> > with setgid() you can't reclaim them.
>
> just rereading the man page for setgid, it seems you can reclaim the
> privileges on linux (if you are not sgid root) and such behaviour follows
> some part of the POSIX specs...
Dropping the gid gains you nothing because any buffer overflow anywhere in
the game will allow the user to regain the gid.
This has been discussed to death before. Making KDE apps setuid/setgid is
very dangerous. Do not take this lightly.
--
George Staikos
KDE Developer http://www.kde.org/
Staikos Computing Services Inc. http://www.staikos.net/
More information about the kde-core-devel
mailing list