[quake3] 'Remove Useless setuid code' ???
Ludwig Nussel
ludwig.nussel at suse.de
Sat Sep 3 11:54:15 EDT 2005
Am Samstag, 3. September 2005 17:44 schrieb Ian Kumlien:
> On Sat, 2005-09-03 at 15:41 +0200, vincent at cojot.name wrote:
> > Just saw a bunch of 'Remove Useless setuid code' in svn.
>
> It seems like the setuid is infact useless and related to that root
> usually owns devices like that... I also seem to remember that id
> discuraged ppl from running it setuid.. (i'm tired though so it might be
> context leakage).
It was not only useless but also dangerous. Q3 clearly is not
designed to run setuid root plus the way it tried to drop the
privileges was broken.
> Anyways, if we merged that, then why not <see attachment/>
I'd even remove the bit that tries to load libgl from the current
directory. One can just as well set LD_LIBRARY_PATH="." to achieve
that.
cu
Ludwig
--
(o_ Ludwig Nussel
//\ SUSE LINUX Products GmbH, Development
V_/_ http://www.suse.de/
More information about the quake3
mailing list