BugTraq
[ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation Mar 23 2006 10:10PM
Sune Kloppenborg Jeppesen (jaervosz gentoo org) (1 replies)
Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation Mar 24 2006 11:26AM
neeko feelingsinister net (2 replies)
Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Localprivilege escalation Mar 24 2006 07:38PM
Chris Gianelloni (wolf31o2 charter net)
On Fri, 2006-03-24 at 03:26 -0800, neeko (at) feelingsinister (dot) net [email concealed] wrote:
> Doesn't the included text from the advisory really make it sound more like a
> problem with their system for managing games? It doesn't point out any flaw
> in nethack in general, just behavior that's unexpected/unwanted/uncontrollable
> in their system.

It isn't a vulnerability in nethack, per se.

The problem is that we do not have games running as setgid games.
Because of this, we use the games group to control access to who can run
games, such as nethack. The problem stems from the ability of a user in
the games group to modify the scores file. When the file is read, it
isn't validated properly, allowing for code to be executed by anyone
running nethack.

> Are any other distributions/platforms vulnerable to a problem in nethack like
> this? Sounds like it'd be big news, considering the install base of these
> games.

I honestly do not know what policy other distributions follow, so I
cannot answer this.

> If this problem is on their end, are other games/applications able to trigger
> it?

So far we have not found any other games that allow code execution. The
most that is "vulnerable" is people's ability to change their own score.

> They've essentially wiped these fundamental applications (sorry) off their
> tree for the time being, that's pretty severe.

No. They have been masked to allow the user to decide for themselves if
they wish to take the risk of having the game installed. On a system
where there is only a single user, or one where only trusted users are
in the games group, there is no issue.

> Does anyone have any insight into this? I'm a big nethack fan..

Well, I'm one of the members of Gentoo's games team, so I'm a pretty
good resource on this.

(Posting from my home address since my Gentoo one isn't registered with
the list)

--
Chris Gianelloni
Release Engineering - Strategic Lead
x86 Architecture Team
Games - Developer
Gentoo Linux

[ reply ]
Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation Mar 24 2006 05:19PM
Tavis Ormandy (taviso gentoo org)


 

Privacy Statement
Copyright 2010, SecurityFocus