BugTraq
[ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation Mar 23 2006 10:10PM
Sune Kloppenborg Jeppesen (jaervosz gentoo org) (1 replies)
Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation Mar 24 2006 11:26AM
neeko feelingsinister net (2 replies)
Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation Mar 24 2006 07:38PM
Chris Gianelloni (wolf31o2 charter net)
Re: [ GLSA 200603-23 ] NetHack, Slash'EM, Falcon's Eye: Local privilege escalation Mar 24 2006 05:19PM
Tavis Ormandy (taviso gentoo org)
On Fri, Mar 24, 2006 at 03:26:12AM -0800, neeko (at) feelingsinister (dot) net wrote:
> Hello everyone.
>
> Doesn't the included text from the advisory really make it sound more like a
> problem with their system for managing games?

Hello, this is accurate.

> It doesn't point out any flaw
> in nethack in general, just behavior that's unexpected/unwanted/uncontrollable
> in their system.

There is no flaw in nethack that we're aware of, this is an interaction
between nethack and the policy used for managing games on gentoo that
results in a security problem.

> Are any other distributions/platforms vulnerable to a problem in nethack like
> this? Sounds like it'd be big news, considering the install base of these
> games.

Unlikely, gentoo uses a non-standard method of installing games, that is
very unlikely to be used elsewhere.

> If this problem is on their end, are other games/applications able to trigger
> it?
>
> They've essentially wiped these fundamental applications (sorry) off their
> tree for the time being, that's pretty severe.

Yes, Gentoo does not use the standard setgid system for games that store
system-wide high scores, save games, etc, and as a result anyone can
manipulate the high score tables or save games.

Nethack was simply not designed to work this way and does not expect
users to be able to modify its state data arbitrarily, and as a result
makes assumptions about the format of the files that may not hold true
on Gentoo.

We have decided to temporarily revoke these packages while these issues
are resolved.

Thanks, Tavis.

--
-------------------------------------
taviso (at) sdf.lonestar (dot) org | finger me for my pgp key.
-------------------------------------------------------
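
Added example, not part of the original message and not Gentoo or NetHack code: a Python audit of the trust boundary described in the reply above. It flags state files a player could edit directly, and accepts a group-writable file only when the game binary is setgid to that file's group. The file layout in demo() is constructed, and the check assumes players are not themselves members of that group.

```python
import os
import stat


def classify(bin_mode, bin_gid, file_mode, file_gid):
    """Return why a player could edit a state file directly, or None."""
    if not stat.S_ISREG(file_mode):
        return "not a regular file"
    if file_mode & stat.S_IWOTH:
        return "world-writable"
    if file_mode & stat.S_IWGRP:
        # Acceptable only when the game itself runs setgid to the file's
        # group, so players never need to be members of that group.
        if not (bin_mode & stat.S_ISGID and bin_gid == file_gid):
            return "group-writable, game not setgid to that group"
    return None


def audit(binary, state_dir):
    """Walk state_dir and list (path, reason) for directly editable files."""
    b = os.stat(binary)
    findings = []
    for root, _dirs, files in os.walk(state_dir):
        for name in sorted(files):
            path = os.path.join(root, name)
            st = os.lstat(path)  # lstat: report symlinks, do not follow them
            reason = classify(b.st_mode, b.st_gid, st.st_mode, st.st_gid)
            if reason:
                findings.append((path, reason))
    return findings


def demo():
    """Constructed layout: a non-setgid 'game' and a group-writable record."""
    import tempfile
    with tempfile.TemporaryDirectory() as top:
        game = os.path.join(top, "game")
        state = os.path.join(top, "state")
        os.mkdir(state)
        record = os.path.join(state, "record")
        for path, mode in ((game, 0o755), (record, 0o664)):
            open(path, "w").close()
            os.chmod(path, mode)
        return [(os.path.basename(p), r) for p, r in audit(game, state)]


if __name__ == "__main__":
    for name, reason in demo():
        print(name, "->", reason)
```

Any file this reports is input the game must parse as untrusted, since its contents are under a player's control.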


Copyright 2010, SecurityFocus