August 21st 03, 08:45 PM
Robert Hyatt
 
Security advisory for Crafty 19.3

Ari Makela wrote:
In article , Robert Hyatt wrote:


I guess that could happen. However, there is no setgid() call in
crafty so even if it has the setgid permission set, it won't behave
as if it were running as the "game group" unless someone modifies the
source code. And if they do that, it would seem that _anything_ could
be done.


I suppose no non-trivial software can be packaged into a linux
distribution that conforms to FHS (Filesystem Hierarchy Standard)
without modifying the source.


With a "shared installation" crafty can work just fine. It simply
disables learning, which probably makes sense for a shared installation
anyway. Then there is no need for any setgid stuff whatsoever...


And yes, Debian does modify the code of crafty. The diffs are available
at


URL: http://packages.debian.org/stable/games/crafty.html


--
Ari Makela http://arska.org/hauva/


"Deux fous gagnent toujours, mais trois fous, non!" - Alexander Alekhine



--
Robert Hyatt Computer and Information Sciences
University of Alabama at Birmingham
(205) 934-2213 115A Campbell Hall, UAB Station
(205) 934-5473 FAX Birmingham, AL 35294-1170
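
Background for the setgid discussion in this thread: on Unix the setgid permission bit on an executable sets the process's effective group ID at exec time, so a program installed that way can check for the inherited group and give it up at startup. The C code below is an added example, not part of the post and not taken from Crafty or the Debian package; the function names are hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if the effective GID differs from the real GID, which is the state a
 * program is in when started from a file with the setgid bit set. */
int has_setgid_privilege(void)
{
    return getegid() != getgid();
}

/* Permanently drop a setgid-derived group. Returns 0 on success, -1 on failure. */
int drop_setgid_privilege(void)
{
    gid_t real = getgid();
    gid_t old_effective = getegid();

    /* Setting real and effective together also resets the saved GID,
     * so the old group cannot be restored later. */
    if (setregid(real, real) != 0)
        return -1;
    if (getegid() != real || getgid() != real)
        return -1;
    /* For an unprivileged process, regaining the old group must now fail. */
    if (old_effective != real && geteuid() != 0 && setegid(old_effective) == 0)
        return -1;
    return 0;
}

int main(void)
{
    printf("real gid=%ld effective gid=%ld privileged=%d\n",
           (long)getgid(), (long)getegid(), has_setgid_privilege());
    if (drop_setgid_privilege() != 0) {
        perror("drop_setgid_privilege");
        return 1;
    }
    printf("after drop: effective gid=%ld privileged=%d\n",
           (long)getegid(), has_setgid_privilege());
    return 0;
}
```

Run from an ordinary file it reports no privilege; the first line changes only when the binary is installed with a group and the setgid bit, as a distribution package might do.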