[Kde-games-devel] Re: KHighscore on multiple user systems

Nicolas Hadacek hadacek at kde.org
Wed May 21 04:38:09 CEST 2003


On Monday 12 May 2003 11:16 am, Oswald Buddenhagen wrote:
> On Mon, May 12, 2003 at 12:14:23PM -0400, George Staikos wrote:
> >   Dropping the gid gains you nothing because any buffer overflow
> >   anywhere in the game will allow the user to regain the gid.
>
> yep, and it's exactly the same feature nicolas' code relied upon ... so
> either way "my" solution is better, as he admitted.

> one more person to point to kdebase/kdm/backend/dm.c:StorePid() :)

yeah that proved handy... is this really working for NFS?

Here is my next (and hopefully final) try: see the attached patch and the
KFileLock class (useful in kdelibs??).

now at program start, I am just opening a file descriptor on the system-wide
highscore file and then immediately and definitely dropping the effective
group id with "setregid" (if I understood the man page correctly). An exploit
can then only give you access to the game highscore file. Hopefully not a big
deal :)

See you,
Nicolas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: khighscore2.diff
Type: text/x-diff
Size: 12924 bytes
Desc: not available
Url : http://mail.kde.org/pipermail/kde-games-devel/attachments/20030521/71a433b2/khighscore2-0001.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kconfigrawbackend.cpp
Type: text/x-c++src
Size: 1739 bytes
Desc: not available
Url : http://mail.kde.org/pipermail/kde-games-devel/attachments/20030521/71a433b2/kconfigrawbackend-0002.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kconfigrawbackend.h
Type: text/x-chdr
Size: 1469 bytes
Desc: not available
Url : http://mail.kde.org/pipermail/kde-games-devel/attachments/20030521/71a433b2/kconfigrawbackend-0003.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kfilelock.cpp
Type: text/x-c++src
Size: 2146 bytes
Desc: not available
Url : http://mail.kde.org/pipermail/kde-games-devel/attachments/20030521/71a433b2/kfilelock-0002.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kfilelock.h
Type: text/x-chdr
Size: 1416 bytes
Desc: not available
Url : http://mail.kde.org/pipermail/kde-games-devel/attachments/20030521/71a433b2/kfilelock-0003.bin