[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [LCFC] templates://nethack/{nethack-common.templates}

On Tuesday 10 March 2009, Justin B Rye wrote:
> Esko Arajärvi wrote:
> > + This allows players to recover their save files, should NetHack crash
> > or + their connection drop mid-game. However, this leaves the Nethack's
> > save + directory world-writable and makes possible both cheating and
> > messing up + other players.
> s/the Nethack's save directory/NetHack's save directory/


> "Leaves it world-writeable" would imply that the a+w bit is set.  It
> doesn't do that, does it?  It just lets anybody run something that
> can (in the course of its duties) write to that directory.  Are
> there known recover exploits that let users modify save files, or is
> this a "hypothetically possible"?

The chapter I summarised reads:

       Since  recover  must be able to read and delete
       files from the playground and create  files  in
       the save directory, it has interesting interac‐
       tions  with  game  security.   Giving  ordinary
       players  access  to  recover  through setuid or
       setgid is tantamount to leaving the  playground
       world-writable,  with  respect to both cheating
       and messing up other players.   For  a  single-
       user  system,  this  of  course does not change
       anything, so some of  the  microcomputer  ports
       install recover by default.

This seems to imply that this is a known exploit. But my suggestion could be 
improved anyway. The "world-writable" should be explained more or probably 
changed. Any ideas?


Esko Arajärvi - edu@iki.fi - +358-50-5446844
"Only idiots quote signatures." -Antti Kuntsi (at his .sig)

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: