| 1 |
On 2013-01-02, Philip Webb wrote: |
| 2 |
|
| 3 |
> 130102 Nuno J. Silva wrote: |
| 4 |
>> On 2013-01-01, Bryan Gardiner wrote: |
| 5 |
>>> Today I wanted to install nethack and found it is masked: |
| 6 |
>> If you're the only user of your computer, you could also just unmask |
| 7 |
>> the version in Portage. The bug is that any user in the games group |
| 8 |
>> can edit all save files, so if you want to hack your own saves, go ahead. |
| 9 |
>> The main problem is not the cheating, but that nethack does not employ |
| 10 |
>> any kind of checks on the scores file when reading it, this effectively |
| 11 |
>> enables an attack vector where anyone with access to the scores file can |
| 12 |
>> exploit vulnerabilities in nethack simply by writing a specially-crafted |
| 13 |
>> score file. |
| 14 |
>> Nethack just relies on being setgid to a group and installing the scores |
| 15 |
>> file as writeable by that group. Unfortunately, that happens to be the |
| 16 |
>> very same "games" group Gentoo uses to group users who are allowed to |
| 17 |
>> play games, therefore rendering nethack's protection useless. |
| 18 |
> |
| 19 |
> Does the insecurity extend beyond Nethack itself ? |
| 20 |
> -- if not, hard-masking it seems a bit draconian: |
| 21 |
> it sb quite safe on a single-user system. |
| 22 |
|
| 23 |
It's an attack vector. If it is exploited, it extends to your whole |
| 24 |
account, plus any system/service whose passwords/credentials are stored |
| 25 |
in your files. |
| 26 |
|
| 27 |
Now if it's a single-user system, the attacker would need to already |
| 28 |
have access to a user in the games group in your system, and the only |
| 29 |
account in that group is likely yours, so I doubt there would be a big |
| 30 |
issue. |
| 31 |
|
| 32 |
-- |
| 33 |
Nuno Silva (aka njsg) |
| 34 |
http://njsg.sdf-eu.org/ |
Archives