On Tue, 18 Nov 1997, Curt Sampson wrote:

> On Tue, 18 Nov 1997, Soren S. Jorvang wrote:
> 
> > It does not simplify the security problem, but it does removes a very
> > obsolete mechanism. Has anybody here actually used dm.conf within the last
> > n years?
> 
> It does to some degree. The fact that I can run fish and become
> the games user is directly attributable to it being run by dm;
> otherwise it would never run suid.
> 
> > It also seems to me that most (all?) of the games need no more than being
> > setgid games, as all they do (apart from the game stuff) is write score
> > files to /var/games . This would also lessen the impact of security holes
> > in the games.
> 
> Yes, I think that this is an excellent idea.

This is the best suggestion so far: use file permissions and the setgid
bit to control access. Be sure to review all file permissions.

--------------------
Claude Marinier, Information Technology Group    claude.marinier@dreo.dnd.ca 
Defence Research Establishment Ottawa (DREO)    (613) 998-4901  FAX 998-2675
3701 Carling Avenue, Ottawa, Ontario  K1A 0Z4         http://www.dreo.dnd.ca