[Bug 219972] Review Request: poker-network - A poker server, client and abstract user interface library
bugzilla at redhat.com
Wed Jan 24 23:29:22 UTC 2007
Summary: Review Request: poker-network - A poker server, client and abstract user interface library
Alias: poker-network
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=219972
------- Additional Comments From wart at kobold.org 2007-01-24 18:29 EST -------
(In reply to comment #53)
> > MUSTFIX
> > * Create a 'poker' user for running the server for better security
>
> I used user "games" instead.

Better to use a custom user account and not the overloaded 'games' account.
This helps prevent a security breach from one game using the 'games' account
from compromising other games using the 'games' account. This will require
using 'useradd' in the %pre scriptlet.

> > * Add selinux policies to poker-server for better security
>
> Need help from you on this.

I'm working on it...

> > * Use double quotes around the sed regsub pattern to avoid potential
> > problems if %{python_sitelib} were to ever contain a space.
>
> There already are double quotes around this path in the init file.

But the sed command itself would fail if %{python_sitelib} contained a space,
unless you surround the regsub pattern with double-quotes.

> > NOTES and Questions
> > ===================
> > * Why does the package contain a x509 certificate for 'webmaster at localhost'?
> >
>
> 09:38:57 XulChris | dachary: reviewer wants to know: "Why does the package
> contain a x509 certificate for 'webmaster at localhost'?"
> 09:38:57 dachary | :-)
> 09:39:12 dachary | for the SSL conx to the poker server
> 09:39:46 XulChris | dachary: i dont know anything about x509 certificates,
> but what if you dont have a webmaster user name or use "localhost"?
> 09:40:12 dachary | it's a self signed certificate
> 09:40:21 dachary | the email does not matter much
> 09:40:33 XulChris | so its nothing i have to generate at build time then?
> 09:40:41 dachary | it's a place holder that must be replaced if you're
> serious about security
> 09:40:47 dachary | no

I suspected it was something like this. poker-server admins should be aware
that using the default x509 cert provides no security at all, since everyone has
access to the certificate's private key. Please document this in README.Fedora.
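
Added example, not part of the original message or the poker-network spec file: the quoting problem from the reply about the sed pattern, reproduced in plain shell. The @SITELIB@ placeholder, the template line and the paths are constructed; subst_escaped goes one step further than the thread and also escapes the characters that are special in a sed replacement.

```shell
#!/bin/sh
# Constructed stand-in for one line of the init script. @SITELIB@ is a
# hypothetical placeholder, not a name from the poker-network spec file.
TEMPLATE='PYTHONPATH="@SITELIB@"'

# Unquoted expression. rpm expands %{python_sitelib} textually before the
# shell runs, so a space in it splits the sed script into two words, just as
# the unquoted $1 does here. sed then sees an unterminated 's' command.
subst_unquoted() {
    printf '%s\n' "$TEMPLATE" | sed -e s,@SITELIB@,$1,
}

# Double-quoted expression: the space stays inside a single argument.
# A comma, '&' or backslash in the path would still be misread by sed.
subst_quoted() {
    printf '%s\n' "$TEMPLATE" | sed -e "s,@SITELIB@,$1,"
}

# Quoted and escaped: backslash-escape the three characters that are special
# in this replacement (the ',' delimiter, '&' and '\') before substituting.
subst_escaped() {
    esc=$(printf '%s' "$1" | sed -e 's/[\\&,]/\\&/g')
    printf '%s\n' "$TEMPLATE" | sed -e "s,@SITELIB@,$esc,"
}

SITELIB='/usr/lib/python 2.4/site-packages'   # constructed path with a space
if ! subst_unquoted "$SITELIB" 2>/dev/null; then
    echo "unquoted: sed rejected the split expression"
fi
subst_quoted "$SITELIB"
subst_escaped '/opt/py,thon & co'             # constructed worst-case path
```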