On Mon, Feb 22, 1999 at 01:13:01PM -0800, Vincent Janelle wrote: > Quake2 does not support user written shared objects. It only reads out of > the dir in /etc/quake2.conf. > > As for multiplayer games, quake2 modifications are server-side, ergo, the > server admin should be worried about security(AND NOT running quake2 > -dedicated as root). Multiplayer games are safe, as are single player games to evil ref_<driver>.so files. However, you haven't mentioned evil game<architecture>.so files on single player games, or -listen servers. I believe these are not safe. > If you let users write to the dir that suid apps read from, you're asking > for more trouble than anything else. All these are true, but miss the point: Many quake 2 users will download a quake2 modification, eg. gamei386.so for Intel linux, and blindly run it on an SVGAlib system. Sometimes the source code for this modification is not available. From a security viewpoint, they shouldn't, but id software have implied that it is safe to do so in making it possible, and releasing tools for creating patches. Therefore, many people do, believing it to be safe. Id have put in some security features, such as dropping root priveleges. Now that this has been comprimised, people's sense of security is more false than ever. Alistair Cunningham. -- -------------------------------------------------------------------------- Alistair Cunningham Selwyn College, Cambridge Email: ac212at_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:37:11 PDT