On 2013-01-02, Philip Webb wrote:

> 130102 Nuno J. Silva wrote:
>> On 2013-01-01, Bryan Gardiner wrote:
>>> Today I wanted to install nethack and found it is masked:
>> If you're the only user of your computer, you could also just unmask
>> the version in Portage. The bug is that any user in the games group
>> can edit all save files, so if you want to hack your own saves, go ahead.
>> The main problem is not the cheating, but that nethack does not employ
>> any kind of checks on the scores file when reading it; this effectively
>> enables an attack vector where anyone with access to the scores file can
>> exploit vulnerabilities in nethack simply by writing a specially-crafted
>> score file.
>> Nethack just relies on being setgid to a group and installing the scores
>> file as writeable by that group. Unfortunately, that happens to be the
>> very same "games" group Gentoo uses to group users who are allowed to
>> play games, therefore rendering nethack's protection useless.
>
> Does the insecurity extend beyond Nethack itself?
> -- if not, hard-masking it seems a bit draconian:
> it sb quite safe on a single-user system.

It's an attack vector. If it is exploited, it extends to your whole
account, plus any system/service whose passwords/credentials are stored
in your files.

Now if it's a single-user system, the attacker would need to already
have access to a user in the games group in your system, and the only
account in that group is likely yours, so I doubt there would be a big
issue.

--
Nuno Silva (aka njsg)
http://njsg.sdf-eu.org/
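
The condition described in this thread (a setgid binary trusting a data file that is writable by a group which is also handed out to ordinary users) can be checked mechanically. The following is an added example, not part of the original messages and not Gentoo's or nethack's code; the function names `group_users`, `evaluate` and `audit` are hypothetical, and the binary and data file paths are supplied by whoever runs it.

```python
import grp
import os
import pwd
import stat
import sys

def group_users(gid):
    """Accounts that hold gid as a supplementary or primary group."""
    try:
        users = set(grp.getgrgid(gid).gr_mem)
    except KeyError:
        users = set()
    return users | {p.pw_name for p in pwd.getpwall() if p.pw_gid == gid}

def evaluate(bin_mode, bin_gid, file_mode, file_gid, users):
    """Findings for one setgid binary and one data file it reads.

    users is the set of accounts that hold the data file's group.
    """
    findings = []
    if file_mode & stat.S_IWOTH:
        findings.append("data file is world-writable")
    if not bin_mode & stat.S_ISGID:
        return findings  # no setgid group boundary to evaluate
    # The setgid group only protects the file if no login account holds it:
    # any member can write the file directly, bypassing the binary.
    if file_gid == bin_gid and file_mode & stat.S_IWGRP and users:
        findings.append("group-writable data file; group also granted to: "
                        + ", ".join(sorted(users)))
    return findings

def audit(binary, data_file):
    """Run evaluate() against real paths using the local passwd/group db."""
    b, d = os.stat(binary), os.stat(data_file)
    return evaluate(b.st_mode, b.st_gid, d.st_mode, d.st_gid,
                    group_users(d.st_gid))

if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: script.py <setgid-binary> <data-file>
    for line in audit(sys.argv[1], sys.argv[2]) or ["no findings"]:
        print(line)
```

On a single-user system the reported member list shows at a glance whether the only account in the group is your own.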