
Document SDL's policy on setuid/setgid executables

Stated briefly, the policy is: don't.

Resolves: https://github.com/libsdl-org/SDL/issues/14717
Signed-off-by: Simon McVittie <smcv@debian.org>
(cherry picked from commit 76352f2931e7eca6e596ea290a227314e7248ba7)
Simon McVittie, 2 months ago
Parent
Commit
888104f5ad
4 changed files with 19 additions and 0 deletions
1. docs/README-bsd.md (+1, -0)
2. docs/README-linux.md (+1, -0)
3. docs/README-macos.md (+2, -0)
4. docs/README-platforms.md (+15, -0)

+ 1 - 0
docs/README-bsd.md

@@ -4,3 +4,4 @@ SDL is fully supported on BSD platforms, and is built using [CMake](README-cmake
 
 If you want to run on the console, you can take a look at [KMSDRM support on BSD](README-kmsbsd.md)
 
+SDL is [not designed to be used in setuid or setgid executables](README-platforms.md#setuid).
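Review bot: the added sentence names only setuid and setgid, while the section it links to (`README-platforms.md#setuid`) is titled "Privileged processes (setuid, setgid, setcap)" and explicitly covers file-based capabilities too. Consider widening the link text to "not designed to be used in setuid, setgid or setcap executables" so a BSD reader who only grants capabilities does not conclude the warning does not apply to them.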

+ 1 - 0
docs/README-linux.md

@@ -8,6 +8,7 @@ system does not have the XRandR libraries installed, it will be disabled
 at runtime, and you won't get a missing library error, at least with the
 default configuration parameters.
 
+SDL is [not designed to be used in setuid or setgid executables](README-platforms.md#setuid).
 
 Build Dependencies
 --------------------------------------------------------------------------------
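Review bot: the new line lands between the XRandR paragraph and the "Build Dependencies" heading, where it reads as a continuation of the XRandR discussion rather than a standalone security note. Consider giving it its own short heading (matching the `Build Dependencies` / underline style already used in this file) or moving it to the top of the document, so that the warning is found by someone scanning the headings rather than only by someone reading the XRandR section.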

+ 2 - 0
docs/README-macos.md

@@ -73,6 +73,8 @@ NSApplicationDelegate implementation:
 }
 ```
 
+SDL is [not designed to be used in setuid or setgid executables](README-platforms.md#setuid).
+
 # Using the Simple DirectMedia Layer with a traditional Makefile
 
 An existing build system for your SDL app has good chances to work almost
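Review bot: the two added lines sit directly after the closing fence of the NSApplicationDelegate code sample and before the "# Using the Simple DirectMedia Layer with a traditional Makefile" heading, so in the rendered page the setuid warning appears to be part of the NSApplicationDelegate section. Consider placing it under its own `#` heading (this file already uses ATX headings), or in an introductory section, so the privileged-process caveat is not buried in a section about application delegates.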

+ 15 - 0
docs/README-platforms.md

@@ -38,3 +38,18 @@ All of these still work with [SDL2](/SDL2), which is an incompatible API, but an
 - QNX
 - WinPhone
 - WinRT/UWP
+
+## General notes for Unix platforms
+
+Some aspects of SDL functionality are common to all Unix-based platforms.
+
+### <a name=setuid></a>Privileged processes (setuid, setgid, setcap)
+
+SDL is not designed to be used in programs with elevated privileges,
+such as setuid (`chmod u+s`) or setgid (`chmod g+s`) executables,
+or executables with file-based capabilities
+(`setcap cap_sys_nice+ep` or similar).
+It does not make any attempt to avoid trusting environment variables
+or other aspects of the inherited execution environment.
+Programs running with elevated privileges in an attacker-controlled
+execution environment should not call SDL functions.