[Kde-games-devel] Re: KHighscore on multiple user systems

Oswald Buddenhagen ossi at kde.org
Mon May 12 18:16:43 BST 2003

> On Sunday 11 May 2003 22:54, Nicolas Hadacek wrote:
> > > i have serious doubts that works. once you completely drop privileges
> > > with setgid() you can't reclaim them.
> >
> > just rereading the man page for setgid, it seems you can reclaim the
> > privileges on linux (if you are not sgid root) and such behaviour follows
> > some part of the POSIX specs...
ooops, you're right. i missed that non-root part. it's been a while since
i read that page the last time. :}
one actually has to use setregid to get rid of the saved gid. using
gid=getgid(); setregid(gid,gid); should be safe. you can verify it with
some debug code that prints the getresgid output afterwards.

On Mon, May 12, 2003 at 12:14:23PM -0400, George Staikos wrote:
>   Dropping the gid gains you nothing because any buffer overflow
>   anywhere in the game will allow the user to regain the gid.
yep, and it's the exactly same feature nicolas' code relied upon ... so
either way "my" solution is better, as he admitted.

> > (btw how portable is flock() ?).
> >
it isn't. :)=
one more person to point to kdebase/kdm/backend/dm.c:StorePid() :)


Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
Chaos, panic, and disorder - my work here is done.

More information about the kde-core-devel mailing list