GID Games Exploits
Jimmy Scott
jimmy at inet-solutions.be
Sun Oct 16 01:53:23 PDT 2005
On Sun, Oct 16, 2005 at 10:15:23AM +0200, Mathieu Arnold wrote:
>
> +-le 16/10/2005 00:47 -0400, Kris Kennaway écrivait :
> | On Sat, Oct 15, 2005 at 09:39:27PM -0700, Stephen Major wrote:
> |> It has come to my attention that there are quite a few local exploits
> |> circling around in the private sector for GID Games.
> |>
> |>
> |>
> |> Several of the games have vanilla stack overflows in them which can lead to
> |> elevation of privileges if successfully exploited.
> |
> | Big deal..that's why they're setgid games (which can only write to
> | game data files) and not setuid anything important :-)
>
> It means that I can change my own score to something better, that's very
> important :-)
No ! It means you could access directory trees where your own group
would not have access to, for example on freeshell.org:
[sdf] ~> ls -al /usr/pkg/bin/perl
-rwx---r-x 2 root users 22246 Aug 7 11:16 /usr/pkg/bin/perl
Groups are frequently used for negative permissions, because ACL's would
be overkill or not possible on the filesystem in question.
>
> --
> Mathieu Arnold
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
>
>
--
People usually get what's coming to them ... unless it's been mailed.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20051016/9b8b4fb0/attachment.bin
More information about the freebsd-security
mailing list