[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1143229115.17575.52.camel@cgianelloni.nuvox.net>
Date: Fri, 24 Mar 2006 14:38:35 -0500
From: Chris Gianelloni <wolf31o2@...rter.net>
To: bugtraq@...urityfocus.com
Subject: Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local
privilege escalation
On Fri, 2006-03-24 at 03:26 -0800, neeko@...lingsinister.net wrote:
> Doesn't the included text from the advisory really make it sound more like a
> problem with their system for managing games? It doesn't point out any flaw
> in nethack in general, just behavior that's unexpected/unwanted/uncontrollable
> in their system.
It isn't a vulnerability in nethack, per se.
The problem is that we do not have games running as setgid games.
Because of this, we use the games group to control access to who can run
games, such as nethack. The problem stems from the ability of a user in
the games group to modify the scores file. When the file is read, it
isn't validated properly, allowing for code to be executed by anyone
running nethack.
> Are any other distributions/platforms vulnerable to a problem in nethack like
> this? Sounds like it'd be big news, considering the install base of these
> games.
I honestly do not know what policy other distributions follow, so I
cannot answer this.
> If this problem is on their end, are other games/applications able to trigger
> it?
So far we have not found any other games that allow code execution. The
most that is "vulnerable" is people's ability to change their own score.
> They've essentially wiped these fundamental applications (sorry) off their
> tree for the time being, that's pretty severe.
No. They have been masked to allow the user to decide for themselves if
they wish to take the risk of having the game installed. On a system
where there is only a single user, or one where only trusted users are
in the games group, there is no issue.
> Does anyone have any insight into this? I'm a big nethack fan..
Well, I'm one of the members of Gentoo's games team, so I'm a pretty
good resource on this.
(Posting from my home address since my Gentoo one isn't registered with
the list)
--
Chris Gianelloni
Release Engineering - Strategic Lead
x86 Architecture Team
Games - Developer
Gentoo Linux
Powered by blists - more mailing lists