Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation

From: Chris Gianelloni <wolf31o2 () charter net>
Date: Fri, 24 Mar 2006 14:38:35 -0500
On Fri, 2006-03-24 at 03:26 -0800, neeko () feelingsinister net wrote:

Doesn't the included text from the advisory really make it sound more like a 
problem with their system for managing games?  It doesn't point out any flaw 
in nethack in general, just behavior that's unexpected/unwanted/uncontrollable
in their system.


It isn't a vulnerability in nethack, per se.

The problem is that we do not have games running as setgid games.
Because of this, we use the games group to control access to who can run
games, such as nethack.  The problem stems from the ability of a user in
the games group to modify the scores file.  When the file is read, it
isn't validated properly, allowing for code to be executed by anyone
running nethack.


Are any other distributions/platforms vulnerable to a problem in nethack like
this?  Sounds like it'd be big news, considering the install base of these
games.


I honestly do not know what policy other distributions follow, so I
cannot answer this.


If this problem is on their end, are other games/applications able to trigger
it?


So far we have not found any other games that allow code execution.  The
most that is "vulnerable" is people's ability to change their own score.


They've essentially wiped these fundamental applications (sorry) off their
tree for the time being, that's pretty severe.


No.  They have been masked to allow the user to decide for themselves if
they wish to take the risk of having the game installed.  On a system
where there is only a single user, or one where only trusted users are
in the games group, there is no issue.


Does anyone have any insight into this?  I'm a big nethack fan..


Well, I'm one of the members of Gentoo's games team, so I'm a pretty
good resource on this.

(Posting from my home address since my Gentoo one isn't registered with
the list)

-- 
Chris Gianelloni
Release Engineering - Strategic Lead
x86 Architecture Team
Games - Developer
Gentoo Linux
Previous By Date Next
Previous By Thread Next

Current thread: