tComment about the risks involved in opening config files when setgid removed; … | |
git clone git://src.adamsgaard.dk/vaccinewars | |
Log | |
Files | |
Refs | |
README | |
LICENSE | |
--- | |
commit 1b199ac41840a2fb61c471c0d7479967e1ec3a0a | |
parent 985d70342383b164a1972aa3fd3bccbc58c3f07b | |
Author: Ben Webb <[email protected]> | |
Date: Mon, 24 Jun 2002 11:38:45 +0000 | |
Comment about the risks involved in opening config files when setgid removed; | |
it is no longer relevant, as we drop privileges before opening the files now. | |
Diffstat: | |
M src/dopewars.c | 6 ------ | |
1 file changed, 0 insertions(+), 6 deletions(-) | |
--- | |
diff --git a/src/dopewars.c b/src/dopewars.c | |
t@@ -2352,12 +2352,6 @@ void SetupParameters(void) | |
AssignName(&StoppedTo[i], _(DefaultStoppedTo[i])); | |
} | |
- /* FIXME: this is a bit risky; we haven't dropped privileges yet, | |
- * so 1. we may be able to read files here that the user shouldn't | |
- * have access to and 2. a bug in the configuration parsing code | |
- * could result in a compromise. BUT we don't know where the high | |
- * score file is until the config files have been parsed. */ | |
- | |
/* Now read in the global configuration file */ | |
conf = GetGlobalConfigFile(); | |
if (conf) { |