Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!brl-adm!rutgers!mit-eddie!genrad!panda!husc6!necntc!adelie!axiom!linus!philabs!prls!mips!dce
From: dce@mips.UUCP (David Elliott)
Newsgroups: net.sources.games
Subject: Re: ATC now runs on System V (Actually a shell escape discussion)
Message-ID: <142@quacky.mips.UUCP>
Date: Sat, 17-Jan-87 12:12:40 EST
Article-I.D.: quacky.142
Posted: Sat Jan 17 12:12:40 1987
Date-Received: Wed, 21-Jan-87 21:53:31 EST
References: <7121@cuae2.ATT.COM> <1225@ucbcad.berkeley.edu> <7430@cuae2.ATT.COM>
Reply-To: dce@quacky.UUCP (David Elliott)
Organization: MIPS Computer Systems, Sunnyvale, CA
Lines: 17

In article <7430@cuae2.ATT.COM> djmolny@cuae2.UUCP (-DJ Molny) writes:
>If the shell escape feature is offensive to many players, it could
>be surrounded by an ifdef.  Comments, please?

Not only should the shell escape be surrounded by an ifdef, but care
should be taken to maintain security.

If the program is set up to be setgid daemon (or some other common
games userid) in order to share the score file without allowing people
to tamper with it, shell escapes can't be allowed, since you now potentially
add this group to each user's set of 'free' groups (that is, in System V,
the set of groups that can be used without having to know a password).

If the program is set up to be setuid root, the shell escape code must
do a setuid(getuid) call to assure that the user can't become root.

			David