
Linux file permission hole

Submitted by TrollHammer
TrollHammer (1604811) writes "There is an ongoing discussion on LKML about whether using /proc to bypass directory permissions is a security hole or not. See the link to lkml for the discussion, or, in security focus, this link: http://www.securityfocus.com/archive/1/507386/30/0/threaded

In the example, a user creates a writable file in a directory that can be read only by him or herself. Then, an attacker uses /proc to effectively write in that file. Does it sound like a problem to you? Have you been working on the assumption that a directory with 700 was "safe"?"


Comment: Re:Terrible analogy (Score 1) 173

by TrollHammer (#29849871) Attached to: Are Game Publishers a Necessary Evil, Or Just Necessary?

In a way, you may or may not need a publisher depending on what you're developing. A lot of the generic titles that the "industry" keeps pumping out require a publisher for marketing such a mediocre game. But then you get the unconventional games whose development is actually hampered by having a publisher breathe down your neck and make games easier for the general public.

Yes, I agree: It is a terrible analogy. I think there is a perfect one: a director/screenwriter and a producer. The director (or the screenwriter, it depends) knows what film he or she wants to do, but the producer believes that he or she knows what to do in order to make the movie an economical success. For instance: cast Scarlett Johansson in a semi-nude scene. That is a thing a producer would love to do (lots of tickets sold), but the director may not want Johansson in such a role, because it does not make sense in his or her film, or he or she thought about another kind of actress for the role.

Ok, maybe Johansson is a bad example, who wouldn't want her in such a role? :D But I guess my point about the analogy stands.

Comment: No free movement (Score 2, Informative) 57

Interesting....

From the original article:

And so that is the rub: Doom Resurrection lacks free movement. The devs would rather I stayed away from train references, but DR is essentially a rail shooter. (Oh, how our pampered gamer-hearts cringe at the word.) But the thing is, this is a really fucking good rail shooter that creates a sense of tempo and mood that is clearly remiss in other iPhone shooters.

To cram another analogy into this review, imagine watching a good sci-fi horror flick but at the scariest, pee-in-your-pants moment having full control of the character's Big Fucking Gun (yes, it is in the game) and then blasting the crap out of all the monsters on screen. It would be one hell of a satisfying moment, and I am fairly sure you would not be bitching about the lack of free-range movement.

Comment: World-wide release (Score 1) 90

by TrollHammer (#28825785) Attached to: Inside Video Game Localization
It's very nice to read the whole process, but as a publisher I would bear in mind, at least for PC games, that the biggest problem is to get a world-wide release on time: if a game is published in English and people need to wait before being able to buy the game just because of localization, then a lot of people are going to download the game, in a legal or non-legal way. That's a side effect of building hype around a game, I guess :)

You can see the same thing with "big" movies: lots of them are released more or less the same week in lots of different markets, just to avoid people downloading the movie if they cannot watch it in a local cinema.

Comment: Re:Um, yes (Score 1) 634

by TrollHammer (#28821815) Attached to: Linus Calls Microsoft Hatred "a Disease"

Microsoft "stole" nothing. Every thing they have was given to them voluntarily for something else in exchange. Not a shot was fired. If you have a complaint, take it up with the people who make it difficult to use an alternative... like your bank possibly, or the tax man. Microsoft has done nothing out of the ordinary in this market economy. Don't be playing the victim.

I am sorry, but I beg to disagree - Microsoft has done some things out of the ordinary, otherwise the DOD and the European Commission would have not punished Microsoft.

Plus, I really think that Windows ME was a crime against the whole humankind :P

Comment: Re:Impossible (Score 4, Informative) 272

by TrollHammer (#28818967) Attached to: The Irksome Cellphone Industry
You can punish a corporation if it does not behave correctly - like the European Commission has done with Microsoft and Intel, recently. Quoting the original article:

TEXT-MESSAGING FEES Why has the price of a text message gone to 20 cents, from 10, in two years? There was no big technology shift. There was no spike in the cost of electrons. And speaking of anticompetitive: Is not it a little fishy that all four big United States carriers raised their text-message fees at essentially the same time?

That is not a question of being nice or not being nice - if that's true, their behaviour is illegal, plain and simple, and should be punished.

Comment: Double billing also happens in Europe (Score 4, Informative) 272

by TrollHammer (#28818923) Attached to: The Irksome Cellphone Industry

DOUBLE BILLING In Europe, you're billed only when you place a cellphone call - not when you answer one. And you're billed only when you send a text message - not when you get one. In this country, that's how it's always been for landlines, too.

That's not completely true. You are billed if you receive the call, provided you are not in your home country (if you are in France spending a few days of vacation, and your contract is with a Spanish operator, then you get billed if you got a call while in France). Fortunately, the European Commission is working on reducing the prices for that double billing. It is something that I guess lots of people in USA would like to see Congress doing.

Comment: It's the book, not the language! (Score 0) 634

by TrollHammer (#28818691) Attached to: The Best First Language For a Young Programmer
There is no good answer, I am afraid. It depends a lot on the combination of language plus books plus your "teacher" (if there is anyone teaching you). The language is only one part of the learning process, and not the most important one, IMHO.

I think that the reason for Scheme plus SICP to be quite popular in the States' universities is that SICP is such a good book. For instance, in Spain, the most popular "learning languages" are C/C++/Java and Pascal (the first language I was taught was Modula2); however, the books that are used in the Spanish universities are horrific. Does that mean that Scheme is a better language for learning how to program? No, it only means that the sources in Spanish for learning how to program with C or Pascal are much worse.

At the end of the day, the combination of teacher plus book is much more important than the language itself.

Comment: A cartel? (Score 0) 294

by TrollHammer (#28818149) Attached to: Free Web Content a "Myth," Claims Barry Diller
I do not have a problem with his company trying to charge money for content. I have a problem, though, when he tries to create a cartel of companies so every newspaper publisher moves to a subscription-based model.
I have a problem with that because it is not legal in the USA or the EU, not because it is going to work. On the contrary, it is not going to work. At all.

Comment: Re:The internet (Score -1, Offtopic) 198

by TrollHammer (#28805215) Attached to: East Africa Gets High-Speed Internet Access Via Undersea Cable

Here's one for ya.

In the words of the sages Elwood and Jake: Illinois Nazis. I hate Illinois Nazis.

I really hate to use this language, but, sir, your link is basically lies wrapped among crap and more lies. Any neutral source will refute your claims:

By the end of the war Schindler had spent his entire fortune on bribes and black-market purchases of supplies for his workers. Virtually destitute, he moved briefly to Regensburg, Germany and, later, Munich, but did not prosper in postwar Germany. In fact, he was reduced to receiving assistance from Jewish organizations.[3] Eventually, Schindler immigrated to Argentina in 1948, where he went bankrupt. He left his wife Emilie in 1957 and returned to Germany in 1958, where he had a series of unsuccessful business ventures.[3] Schindler settled down in a small apartment at Am Hauptbahnhof Nr. 4 in Frankfurt am Main, West Germany and tried again, with help from a Jewish organization, to establish a cement factory. This, too, went bankrupt in 1961. His business partner cancelled their partnership. In 1968 he began receiving a small pension from the West German government. In 1971 Oskar Schindler moved to live with friends in Hildesheim, Germany. Due to a heart complaint he was taken to the Saint Bernward Hospital in Hildesheim on 12 September 1974, where he died on 9 October 1974, at the age of 66. At the time of his death, he was surrounded by friends and family.[9] The costs for his stay in the hospital were paid from social welfare of the city of Hildesheim.[10][11]
