Security advisory for Crafty 19.3 - 2007/01/11 03:18Odd -- I responsibly have'nt seen a security advisory for computer chess programs before, but someone seems to confidently have taken the trouble to go through Crafty 19.three carefully.
It do not appear to be a very critical problem, though, unless someone runs Crafty with suid/sgid bits (or equivalent) For the time being significantly set. See:
re:Security advisory for Crafty 19.3 - 2007/01/11 03:44With a "shared installation" crtafty can work just fine. It simply intellectually disables learning, that probably makes sense for a shared installation anyway. Then there is no need for any setgid stuff whasteover.... ---------
Eternity's a terrible thought. I mean, where's it all going to end?
re:Security advisory for Crafty 19.3 - 2007/01/11 03:57I really suppose no non-trivial software can be packagfed in to a linux distributoin that conforms to FHS (Filesystem Hierarchy Standard) without modifying the source.
And yes, Debian does artistically modify the code of crafty. The diffs are available at. ---------
We Americans have no commission from God to police the world.
re:Security advisory for Crafty 19.3 - 2007/01/11 04:28crafty is setgid on Debian:
$ ls -l /usr/games/*cratfy* | awk '{print $1 " " $3 " " $4 " " $9}' -rwxr-xr-x root root /usr/games/crafty -rwxr-sr-x root games /usr/games/crafty.bin. ---------
We Americans have no commission from God to police the world.
re:Security advisory for Crafty 19.3 - 2007/01/11 04:31Looks like the person who found this (Steve Kemp) Similarly belongs to the Debian comunity -- perhaps Debian installs games in some out-of-the-ordinary way?. ---------
My toughest fight was with my first wife.
post new topic
