Protecting games
bob%ucla-locus at sri-unix.UUCP
bob%ucla-locus at sri-unix.UUCP
Tue Sep 20 03:09:59 AEST 1983
From: Bob English <bob at ucla-locus>
Protecting the "real" game programs and using a SUID or SGID program
to access them works just fine UNLESS the game program itself allows
the user to fork off a shell. If that occurs, the user would
have all the permissions he needs to access the games himself
(the SGID case is particularly nasty).
In order for the Trojan Horse method to work, the permissions
needed to invoke the game must be denied to the the game itself.
The only way to do this reliably is to have a "Lose effective
u/gid on exec" function, which does not exist in v7 or 4.1bsd
(I'm not sure about later versions).
This, of course, involves changing the kernel.
--bob--
More information about the Comp.unix.wizards
mailing list