Bugtraq mailing list archives
Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation
From: Chris Gianelloni <wolf31o2 () charter net>
Date: Fri, 24 Mar 2006 14:38:35 -0500
On Fri, 2006-03-24 at 03:26 -0800, neeko () feelingsinister net wrote:
Doesn't the included text from the advisory really make it sound more like a problem with their system for managing games? It doesn't point out any flaw in nethack in general, just behavior that's unexpected/unwanted/uncontrollable in their system.
It isn't a vulnerability in nethack, per se. The problem is that we do not have games running as setgid games. Because of this, we use the games group to control access to who can run games, such as nethack. The problem stems from the ability of a user in the games group to modify the scores file. When the file is read, it isn't validated properly, allowing for code to be executed by anyone running nethack.
Are any other distributions/platforms vulnerable to a problem in nethack like this? Sounds like it'd be big news, considering the install base of these games.
I honestly do not know what policy other distributions follow, so I cannot answer this.
If this problem is on their end, are other games/applications able to trigger it?
So far we have not found any other games that allow code execution. The most that is "vulnerable" is people's ability to change their own score.
They've essentially wiped these fundamental applications (sorry) off their tree for the time being, that's pretty severe.
No. They have been masked to allow the user to decide for themselves if they wish to take the risk of having the game installed. On a system where there is only a single user, or one where only trusted users are in the games group, there is no issue.
Does anyone have any insight into this? I'm a big nethack fan..
Well, I'm one of the members of Gentoo's games team, so I'm a pretty good resource on this. (Posting from my home address since my Gentoo one isn't registered with the list) -- Chris Gianelloni Release Engineering - Strategic Lead x86 Architecture Team Games - Developer Gentoo Linux
Current thread:
- [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation Sune Kloppenborg Jeppesen (Mar 23)
- Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation neeko (Mar 24)
- Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation Chris Gianelloni (Mar 24)
- Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation Tavis Ormandy (Mar 24)
- Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation neeko (Mar 24)