[Freeciv-Dev] Re: connect dialog ver 3 (PR#1911)

To: Freeciv developers <freeciv-dev@xxxxxxxxxxx>
Subject: [Freeciv-Dev] Re: connect dialog ver 3 (PR#1911)
From: Reinier Post <rp@xxxxxxxxxx>
Date: Wed, 23 Oct 2002 20:18:16 +0200

On Wed, Oct 23, 2002 at 12:15:36PM +0000, Per I. Mathisen wrote:
> On Wed, 23 Oct 2002, Reinier Post wrote:
> > > I did write "a directory of their own". That, and as long as the filename
> > > is restricted to the set [a-z,A-Z,0-9,'-'], then security should be
> > > foolproof by design.
> >
> > Yes, with the understanding that "a directory of their own" means (due
> > to symlinks) that you actually have to move up from that directory to
> > .. until the root and test that none of the directories you find are
> > writeable by others.
> 
> Say Freeciv creates ~/.freeciv/savegames/ with chmod 700. I don't see any
> way a hostile local user or a network user may manage to exploit it with
> the restrictions mentioned above.

Let's assume ~/.freeciv/savegames is a symlink to /var/tmp/savegames
(not too unlikely).  Now let's assume you forgot to create the target
directory and someone else created it instead. (not very likely, but
this is what I mean).  That someone can then swap your savegames with
something else.

Fortunately, even in that case, the worst that can happen is that arbitrary
files of yours get overwritten, so it's not much of a risk.

> > The only problem I have with Mike's approach is that it makes the client
> > start a server. This is not necessary - it can be done by a wrapper.
> 
> One extra step which is (IMHO) completely unnecessary.

You have to make sure somehow that a civserver is made to run when the user
wants to play a local game.

>   - Per

-- 
Reinier
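
Added example, not part of the original message or of Freeciv's code: a C sketch of the two checks discussed in this thread, the restricted savegame filename and the walk from the symlink-resolved directory up to the root. The function names are hypothetical, and treating root-owned directories as trusted and group write as "writeable by others" are assumptions.

```c
#define _XOPEN_SOURCE 700   /* realpath(), lstat() */
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Accept only non-empty names made of letters, digits and '-'. */
int savename_ok(const char *name)
{
  static const char allowed[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-";
  return name[0] != '\0' && name[strspn(name, allowed)] == '\0';
}

/* One path component is trusted if it is a real directory (not a symlink),
 * owned by uid or by root (assumption), and not group- or world-writable. */
int component_trusted(const struct stat *st, uid_t uid)
{
  return S_ISDIR(st->st_mode)
         && (st->st_uid == uid || st->st_uid == 0)
         && (st->st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Resolve symlinks in dir, then check it and every ancestor up to "/". */
int dir_chain_trusted(const char *dir, uid_t uid)
{
  char path[PATH_MAX];
  struct stat st;
  char *slash;

  if (realpath(dir, path) == NULL) {
    return 0;                       /* missing target: refuse, do not create */
  }
  for (;;) {
    if (lstat(path, &st) != 0 || !component_trusted(&st, uid)) {
      return 0;
    }
    if (strcmp(path, "/") == 0) {
      return 1;                     /* reached the root, all components passed */
    }
    slash = strrchr(path, '/');     /* step up to the parent directory */
    if (slash == path) {
      path[1] = '\0';
    } else {
      *slash = '\0';
    }
  }
}
```

Under this strict reading, a savegames directory that resolves to somewhere below /var/tmp is rejected on a typical system, because /var/tmp itself is world-writable. The result only describes the moment of the check, so it has to be repeated each time the directory is used.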

