Bugtraq mailing list archives

Re: RHL 6.2 xconq package - overflows yield gid games


From: kris () FREEBSD ORG (Kris Kennaway)
Date: Tue, 27 Jun 2000 16:38:59 -0700


On Tue, 27 Jun 2000, Mark Tinberg wrote:

> In short this is _not_ a problem of xconq, or any other game, systemwide
> scorefiles (which by nature are world writable, even if you have to go through
> a SGID executable to write to them) should not be trusted.  Software like games
> which will never be audited should not be trusted either.  Systems that allow
> write access to library directories for anyone (even if they have to go through
> a crappy SGID app) are in the wrong.

Yes. I've been trying to figure out where FreeBSD can advertise this piece
of advice to users (probably during the install process for each setgid
game itself would be best, although there are some infrastructural issues
with that), but games that run with privileges are considered insecure
software. However, I've tried to make it so that all of the games only
install themselves with a maximum privilege of 'setgid games', and the
only thing the games group can tread on is the data files for other games
(score, save files, etc). I think I've got them all by now, but I need to
check.

However this still doesn't make them uniformly 'safe' because chances are
there are holes which can lead to exploitable overflows by inserting
malformed data into scorefiles, etc.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe () alum mit edu>
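
The point made in this thread, that a scorefile writable through a setgid games binary has to be read as untrusted input, shown as an added example; it is not code from the post, from xconq or from FreeBSD. The "name score" line format, the `SCORE_NAME_MAX` limit and the function name are assumptions made for the illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define SCORE_NAME_MAX 31          /* hypothetical limit for this example */

struct score_entry {
    char name[SCORE_NAME_MAX + 1];
    long score;
};

/* Parse one "name<space>score" line (assumed format) from a scorefile that
 * any process running with gid games may have written.
 * Returns 0 on success, -1 if the line is rejected. */
int parse_score_line(const char *line, struct score_entry *out)
{
    const char *sep = strchr(line, ' ');
    if (sep == NULL)
        return -1;                          /* no field separator */

    size_t name_len = (size_t)(sep - line);
    if (name_len == 0 || name_len > SCORE_NAME_MAX)
        return -1;                          /* would overflow out->name */

    for (size_t i = 0; i < name_len; i++)
        if (!isprint((unsigned char)line[i]))
            return -1;                      /* control bytes, terminal escapes */

    /* strtol accepts leading whitespace and signs; require a digit first. */
    if (!isdigit((unsigned char)sep[1]))
        return -1;
    char *end;
    errno = 0;
    long value = strtol(sep + 1, &end, 10);
    if (errno == ERANGE)
        return -1;                          /* does not fit in a long */
    if (*end == '\n')
        end++;
    if (*end != '\0')
        return -1;                          /* trailing garbage */

    /* Length was checked above, so the copy cannot run past the buffer. */
    memcpy(out->name, line, name_len);
    out->name[name_len] = '\0';
    out->score = value;
    return 0;
}
```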


