1 |
On 2013-01-01, Bryan Gardiner wrote: |
2 |
|
3 |
> On Wed, 2 Jan 2013 02:01:52 +0800 |
4 |
> Analuin Abyssbeholder <cntqrxj@×××××.com> wrote: |
5 |
> |
6 |
>> Today I wanted to install nethack and found it is masked: |
7 |
>> |
8 |
>> The following mask changes are necessary to proceed: |
9 |
>> #required by nethack (argument) |
10 |
>> # /usr/portage/profiles/package.mask: |
11 |
>> # Tavis Ormandy <taviso@g.o> <taviso@g.o> (21 Mar 2006) |
12 |
>> # masked pending unresolved security issues #125902 |
13 |
>> =games-roguelike/nethack-3.4.3-r1 |
14 |
>> |
15 |
>> Then I googled and view |
16 |
>> https://bugs.gentoo.org/show_bug.cgi?id=125902#c82. |
17 |
|
18 |
Well, you could have just gone to bugs.gentoo.org and searched for |
19 |
125902 :-) |
20 |
|
21 |
>> It turned out the bug has been existed for more than six years and is |
22 |
>> related to gentoo's group game policy. So can I just manually install |
23 |
>> nethack as a common user ? |
24 |
> |
25 |
> If you're the only user of your computer, you could also just unmask |
26 |
> the version in Portage. The bug is that any user in the games group |
27 |
> can edit all save files, so if you want to hack your own saves, go |
28 |
> ahead :). Or if you trust all games users. |
29 |
|
30 |
The main problem is not the cheating, but that nethack does not employ |
31 |
any kind of checks on the scores file when reading it, this effectively |
32 |
enables an attack vector where anyone with access to the scores file can |
33 |
exploit vulnerabilities in nethack simply by writing a specially-crafted |
34 |
score file. |
35 |
|
36 |
Nethack just relies on being setgid to a group and installing the scores |
37 |
file as writeable by that group. Unfortunately, that happens to be the |
38 |
very same "games" group Gentoo uses to group users who are allowed to |
39 |
play games, therefore rendering nethack's protection useless. |
40 |
|
41 |
> |
42 |
> Doesn't look like there's any newer version of NetHack out, either. |
43 |
> |
44 |
> Cheers, |
45 |
> Bryan |
46 |
> |
47 |
> |
48 |
|
49 |
-- |
50 |
Nuno Silva (aka njsg) |
51 |
http://njsg.sdf-eu.org/ |