Bugtraq mailing list archives

Re: Vunerability in Lizards game

From: olaf () BIGRED INKA DE (Olaf Titz)
Date: Thu, 13 Nov 1997 15:01:00 +0100

Recently looking through the source of the suid root game called Lizards I


Why is this suid root? I assume it uses svgalib and the mistaken notion that
svgalib requires programs setuid root is still in every doc and HOWTO about
svgalib programming several years after this has been fixed.

Use "ioperm" <URL:http://www.inka.de/~bigred/sw/ioperm.txt> to run any
svgalib program (and more) without making them setuid. svgalib does properly
support running with this tool for a long time now.

There is no excuse at all for making any game setuid root.

olaf

Current thread:

Re: Intel Pentium Bug, (continued)
- Re: Intel Pentium Bug Barry Irwin (Nov 08)
- Re: Intel Pentium Bug Bjorn Wesen (Nov 08)
- Re: Intel Pentium Bug Peter Bierman (Nov 08)
- Re: Intel Pentium Bug Aleph One (Nov 08)
  - Microsoft Office security bug Aleph One (Nov 07)
    - Re: Microsoft Office security bug Inigo Gonzalez (Nov 11)
    - What were the opcodes to hang a Pentium again? (fwd) Darren Reed (Nov 11)
    - Re: Microsoft Office security bug Aleph One (Nov 11)
    - Vunerability in Lizards game SUID (Nov 11)
    - Re: Vunerability in Lizards game Alex Murray (Nov 12)
    - Re: Vunerability in Lizards game Olaf Titz (Nov 13)
    - Re: Vunerability in Lizards game Kragen \ (Nov 13)
    - Re: Vunerability in Lizards game Neil Levine (Nov 17)
    - Re: Vunerability in Lizards game Joe Zbiciak (Nov 18)
    - Re: Vunerability in Lizards game Zoltan Hidvegi (Nov 18)
    - Major Security Flaw in Cybercash 2.1.2 Kerri Kraft (Nov 19)
    - IP DOS attacks -- Win95 and WinNT Paul Leach (Nov 18)
    - Updating microcode on the fly Superuser (Nov 12)
    - Re: Updating microcode on the fly Jyri Kaljundi (Nov 12)
    - solaris 251 & syslogd Michael Helm (Nov 12)
    - Re: solaris 251 & syslogd Richard Peters (Nov 12)

(Thread continues...)