Re: Idea for gnome or CORBA service



Is there any real problem with what we have got now?  It forks off a
process to handle writing the high score file, then drops its priviledges.
All this should be done before gnome_init is called, so the code to audit
is quite small.  And the worst that will happen if a hole is found is that
the user will be able to edit the high score files (unless you give the
games group lots of other priviledges, or the application has accidentally
been installed setgid root).  It is not clear that a corba server would
offer many advantages over this system.

The other problem with a corba server is that there is nothing to stop me
writing a bit of code that connects to the high score server and fakes a
few scores :)  This is not really possible with the current system which
uses pipes.

James.

--
Email: james@daa.com.au
WWW:   http://www.daa.com.au/~james/


On Tue, 12 Oct 1999, Daniel Weber wrote:

> One of the problems with games is storing the high score in an
> accessible location w/o security risks being involved.  I was thinking
> it would be nice if there was some kind of routines to handle this
> activity across any game.  Maybe a CORBA service or some gnome
> rooutines?
> 
> Just an idea...
> 
> 
> -- 
>         FAQ: Frequently-Asked Questions at http://www.gnome.org/gnomefaq
>          To unsubscribe: mail gnome-list-request@gnome.org with 
>                        "unsubscribe" as the Subject.
> 



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]