[Fedora-packaging] Re: Packaging a game, need help with setgid security
Ryan Rix
phrkonaleash at gmail.com
Tue Sep 1 03:52:31 UTC 2009
Andrea Musuruane wrote:
> On Mon, Aug 31, 2009 at 7:55 AM, Ryan Rix<phrkonaleash at gmail.com> wrote:
>> Like many roguelikes, it has a shared high score file and Bones files
>> that all users are meant to have their scores and final data written to.
>> As a result, the game is forced to run setgid games so that it has the
>> rights to write to /var/games/ivan/. While packaging this application, I
>> got a lot of help from some of the Fedora-KDE guys (hi Kevin, Ben) and
>> they both suggested I run this through Fedora Security SIG so that the
>> game would properly demote itself to non-setgid when it doesn't need to.
>>
>> What is the proper channel to go about this? Should I just mail to the
>> security list? Should I put this package up for review beforehand/in the
>> meantime?
>
> The game must drop setuid as early as possible:
> http://fedoraproject.org/wiki/SIGs/Games/Packaging
>
> If you need help, consider writing to the fedora-games-list:
> http://www.redhat.com/mailman/listinfo/fedora-games-list
I didn't think of this when I first wrote my post but now am realizing that
the application creates Bones files when a player dies in /var/games/ivan...
:( How would I apply setgid rules to this scenario? I cannot accurately
predict the name of the bones file in the main() and cannot create a new
file every single time the application starts up, so I am unsure of how to
handle that.
Suggestions?
--
Ryan Rix
(623)-826-0051
Fortune:
Truth can wait; he's used to it.
http://hackersramblings.wordpress.com | http://identi.ca/phrkonaleash
XMPP: phrkonaleash at gmail.com | MSN: phrkonaleash at yahoo.com
AIM: phrkonaleash | Yahoo: phrkonaleash
IRC: PhrkOnLsh at irc.freenode.net/#srcedit,#teensonlinux,#plugaz and
countless other FOSS channels.
More information about the Fedora-packaging
mailing list