View Single Post
  #4   Report Post  
Old August 21st 03, 08:38 PM
Ari Makela
 
Posts: n/a
Default Security advisory for Crafty 19.3

In article , Robert Hyatt wrote:

I guess that could happen. However, there is no setgid() call in
crafty so even if it has the setgid permission set, it won't behave
as if it were running as the "game group" unless someone modifies the
source code. And if they do that, it would seem that _anything_ could
be done.


I suppose no non-trivial software can be packaged into a linux
distribution that conforms to FHS (Filesystem Hierarchy Standard)
without modifying the source.

And yes, Debian does modify the code of crafty. The diffs are available
at

URL: http://packages.debian.org/stable/games/crafty.html

--
Ari Makela http://arska.org/hauva/

"Deux fous gagnent toujours, mais trois fous, non!" - Alexander Alekhine