[Kde-games-devel] Re: KHighscore on multiple user systems
Nicolas Hadacek
nicolas.hadacek at comcast.net
Sun May 11 21:54:14 CEST 2003
> i have serious doubts that works. once you completely drop privileges
> with setgid() you can't reclaim them.
just rereading the man page for setgid, it seems you can reclaim the
privileges on linux (if you are not sgid root) and such behaviour follows
some part of the POSIX specs...
> you have to open the file rw in init() and drop privs afterwards. you
> don't need special permissions to do the locking and writing once you
> have the fd. just keep the file open all the time.
> alternatively you could play tricks with the saved gid (man setregid and
> setresgid), but things get system-specific then. additionally, holes in
> the setgid game would allow an attacker to operate with 'games'
> privileges; with the 'keep fd open variant' the worst system wide damage
> would be a messed up highscore list.
ok it looks better indeed and probably more portable (btw how portable is
flock() ?). thanks for the comment, it's the kind of thing I was looking for
:)
see you,
Nicolas
More information about the kde-games-devel
mailing list