Complete.Org: Mailing Lists: Archives: freeciv-dev: October 2002:
[Freeciv-Dev] Re: connect dialog ver 3 (PR#1911)

[Freeciv-Dev] Re: connect dialog ver 3 (PR#1911)

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]

To:	Freeciv-Dev <freeciv-dev@xxxxxxxxxxx>
Subject:	[Freeciv-Dev] Re: connect dialog ver 3 (PR#1911)
From:	"Per I. Mathisen" <per@xxxxxxxxxxx>
Date:	Wed, 23 Oct 2002 12:15:36 +0000 (GMT)

On Wed, 23 Oct 2002, Reinier Post wrote:
> > I did write "a directory of their own". That, and as long as the filename
> > is restricted to the set [a-z,A-Z,0-9,'-'], then security should be
> > foolproof by design.
>
> Yes, with the understanding that "a directory of their own" means (due
> to symlinks) that you actually have to move up from that directory to
> .. until the root and test that none of the directories you find are writeable
> by others.

Say Freeciv creates ~/.freeciv/savegames/ with chmod 700. I don't see any
way a hostile local user or a network user may manage to exploit it with
the restrictions mentioned above.

> The only problem I have with Mike's approach is that it makes the client
> start a server.This is not necessary - it can be done by a wrapper.

One extra step which is (IMHO) completely unnecessary.

  - Per

[Prev in Thread]

Current Thread

[Next in Thread]

[Freeciv-Dev] Re: connect dialog ver 3 (PR#1911), (continued)
- [Freeciv-Dev] Re: connect dialog ver 3 (PR#1911), Daniel L Speyer, 2002/10/18
  - [Freeciv-Dev] Re: connect dialog ver 3 (PR#1911), Vasco Alexandre Da Silva Costa, 2002/10/20
    - [Freeciv-Dev] Re: connect dialog ver 3 (PR#1911), Daniel L Speyer, 2002/10/20
    - [Freeciv-Dev] Re: connect dialog ver 3 (PR#1911), Vasco Alexandre Da Silva Costa, 2002/10/21
    - [Freeciv-Dev] Re: connect dialog ver 3 (PR#1911), Christian Knoke, 2002/10/21
    - [Freeciv-Dev] Re: connect dialog ver 3 (PR#1911), Vasco Alexandre Da Silva Costa, 2002/10/21
    - [Freeciv-Dev] Re: connect dialog ver 3 (PR#1911), Per I. Mathisen, 2002/10/22
    - [Freeciv-Dev] Re: connect dialog ver 3 (PR#1911), Reinier Post, 2002/10/23
    - [Freeciv-Dev] Re: connect dialog ver 3 (PR#1911), Per I. Mathisen, 2002/10/23
    - [Freeciv-Dev] Re: connect dialog ver 3 (PR#1911), Reinier Post, 2002/10/23
    - [Freeciv-Dev] Re: connect dialog ver 3 (PR#1911), Per I. Mathisen <=
    - [Freeciv-Dev] Re: connect dialog ver 3 (PR#1911), Mike Kaufman, 2002/10/23
    - [Freeciv-Dev] Re: connect dialog ver 3 (PR#1911), Per I. Mathisen, 2002/10/23
    - [Freeciv-Dev] Re: connect dialog ver 3 (PR#1911), Mike Kaufman, 2002/10/23
    - [Freeciv-Dev] Savegame Location was: Re: connect dialog ver 3 (PR#1911), Christian Knoke, 2002/10/23
    - [Freeciv-Dev] Re: Savegame Location was: Re: connect dialog ver 3 (PR#1911), Per I. Mathisen, 2002/10/23
    - [Freeciv-Dev] Re: connect dialog ver 3 (PR#1911), Reinier Post, 2002/10/23
    - [Freeciv-Dev] Re: connect dialog ver 3 (PR#1911), Jason Short, 2002/10/23
    - [Freeciv-Dev] Re: connect dialog ver 3 (PR#1911), Raimar Falke, 2002/10/23
    - [Freeciv-Dev] Re: connect dialog ver 3 (PR#1911), Thomas Strub, 2002/10/23
    - [Freeciv-Dev] Re: connect dialog ver 3 (PR#1911), Vasco Alexandre Da Silva Costa, 2002/10/23

Prev by Date: [Freeciv-Dev] Re: connect dialog ver 3 (PR#1911)
Next by Date: [Freeciv-Dev] Re: core file on civserver, http://civserver.freeciv.org/games/43550
Previous by thread: [Freeciv-Dev] Re: connect dialog ver 3 (PR#1911)
Next by thread: [Freeciv-Dev] Re: connect dialog ver 3 (PR#1911)
Index(es):
- Date
- Thread