Re: [AD] [LNX] environment variable for modules

[ Thread Index | Date Index | More lists.liballeg.org/allegro-developers Archives ]


On Sun, Dec 09, 2001 at 11:33:11AM +1100, Peter Wang wrote:
> Actually, I've decided to leave it for the following release.  There's
> security concerns to think about.  And, the patch I sent yesterday
> would have been wrong if someone put a slash in modules.lst.  I've
> fixed that locally, but there still might be bugs.

Do you mean not have this ability in the 4.0 release?  I think
it's fairly important (Allegro won't work as a normal user
without this, unless you can disable modules) but probably not
as important as some other stuff. :)  But perhaps we could use
the configure prefix for this, hardcoded?  It'd be a tad messy
though, since the configure prefix isn't used anywhere else in
`make', only in `make install' (and it'd be nice to continue not
having to rebuild the whole lib if you change it).

Alternatively, dlopen() is quite capable of searching the
LD_LIBRARY_PATH, could we just use relative paths for the
filenames?  Then it's Somebody Else's Problem if privileged
programs can be fooled into opening non-privileged libraries --
surely there's something already in dlopen to stop this
happening, or I'd be able to set LD_LIBRARY_PATH and run
sendmail, getting it to execute my dodgy code as root.

In general I think my opinion when it comes to Allegro is
security comes second place -- if and when someone actually
writes a game and distributes it in such a way that other people
are going to let strangers sit at their console and run that
game with root privileges (pretty much unnecessary anyway, I
never need to make Allegro games run as root), then we'll need
to address issues like this very seriously.  Until then, it's
probably sufficient to bear in mind which things are insecure,
and maybe list them for fixing later.

George



Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/