Date: Fri, 14 Sep 2001 00:08:35 -0400 (EDT)
From: "Andrew R. Reiter"
To: freebsd-audit@freebsd.org
Subject: dungeon master patch

hey,

I just started to go through -current (seemingly on default) s{g,u}id bins and their source for security vulns. I found a few definite coding problems in dungeon master (setgid games ;-)), however, since you can't specify the config file, they are probably non-exploitable. but, hey, it's being installed setgid (even if it is games), might as well use good coding practice.

the patch is attached, and also can be found at:

http://www.watson.org/~arr/fbsd-audit/games/dm/dm.c.diff

cheers,
andrew

*-------------.................................................
| Andrew R. Reiter
| arr@fledge.watson.org
| "It requires a very unusual mind
| to undertake the analysis of the obvious" -- A.N.
Whitehead

[Attachment: dm.c.diff]