Re: security audit of package toppler

To: debian-security@lists.debian.org
Subject: Re: security audit of package toppler
From: Bill Allombert <allomber@math.u-bordeaux.fr>
Date: Tue, 11 Nov 2003 10:25:36 +0100
Message-id: <[🔎] 20031111092536.GH3260@seventeen>
In-reply-to: <[🔎] 20031104000940.GA17701@steve.org.uk>

[Sorry I missed your answer...]
> On Tue, Nov 04, 2003 at 12:14:47AM +0100, Bill Allombert wrote:
> 
> > So, I would like to know if one of you is willing to review toppler.
> 
>   I had a look at the two versions to hand, toppler 0.96 in stable,
>  and toppler-1.0.3 in unstable.  Neither of these are installed setuid
>  upon my system.

Yes, I disabled the setgid bit before woody is released.

>   The only thing I'd want to look at properly are the file handling, if
>  the game is setgid it may be possible to read/write to files a normal
>  user shouldn't be able to access.

That is also my concern. Toppler read/write a dotfile in the user home.

> > Toppler could be made setgid games, but this was disabled with security
> > concern with older version. Newer version have security fix, but I would
> > like the advice of a security expert before reenabling it.
> 
>   Looking over the code the only difference would be a highscore
>  function, right?  Could it be made setgid it's own group instead of
>  setgid(games)?

Yes, the setgid is solely needed to maintain a global highscore file instead
of a per-user highscore file. It can use it's own group.

Thanks for your analysis.

Cheers,
Bill.

[Please CC me on debian-security, thanks]

Reply to:

References:
- Re: security audit of package toppler
  - From: Steve Kemp <skx@debian.org>

Prev by Date: Re: Zero PID processes
Next by Date: tiger stops sending reports
Previous by thread: Re: security audit of package toppler
Next by thread: certificate server
Index(es):
- Date
- Thread