
Re: default MTA for sarge



On Wed, Jul 16, 2003 at 11:53:32AM +1000, Russell Coker wrote:

> consider the game exploit (for nethack if I recall correctly) whereby a
> bug in the SETGID game allowed writing corrupt data to the game files
> which then triggered a buffer overflow in a root process run from the
> startup scripts.

If you're talking about the bug I think you are, the issue was that a
setgid-games binary was also writable by gid games, so that anyone who could
exploit any setgid games binary could overwrite it.

This binary was run by an init script, via su, under the uid of any user
(_except_ root) who had an interrupted nethack game needing recovery, but of
course, it would be likely for the user to run nethack themselves anyway as
well.  There was no root exploit involved (unless, of course, the root user
ran the recover binary for some reason), though there was some FUD spread by
an overzealous linux-kernel developer.

http://www.debian.org/security/2003/dsa-316

-- 
 - mdz
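
The condition described in this message (a setgid binary that the gid it runs as can overwrite), as an added audit example that is not part of the original post or of the advisory. The function names and the extra directory check are assumptions for illustration.

```python
import os
import stat
import sys

def writable_setgid_reason(mode, gid, dir_mode, dir_gid):
    """Return why a setgid file can be replaced by its own group, or None."""
    if not (stat.S_ISREG(mode) and mode & stat.S_ISGID):
        return None
    if mode & stat.S_IWOTH:
        return "world-writable"
    if mode & stat.S_IWGRP:
        return "group-writable by the gid it runs as"
    # Assumption beyond the message: a non-sticky directory writable by the
    # same gid lets that gid rename the binary away and put another file there.
    if dir_gid == gid and dir_mode & stat.S_IWGRP and not dir_mode & stat.S_ISVTX:
        return "directory writable by the gid it runs as"
    return None

def audit(root):
    """Walk root and return (path, gid, reason) for every finding."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        dst = os.lstat(dirpath)
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue  # file vanished or is unreadable; skip it
            reason = writable_setgid_reason(
                st.st_mode, st.st_gid, dst.st_mode, dst.st_gid)
            if reason:
                findings.append((path, st.st_gid, reason))
    return findings

if __name__ == "__main__":
    # Directory to audit is given on the command line; defaults to ".".
    for path, gid, reason in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: setgid to gid {gid}, {reason}")
```
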


