From owner-freebsd-security@FreeBSD.ORG Sun Oct 16 09:06:51 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A056216A41F for ; Sun, 16 Oct 2005 09:06:51 +0000 (GMT) (envelope-from cperciva@freebsd.org) Received: from pd3mo2so.prod.shaw.ca (shawidc-mo1.cg.shawcable.net [24.71.223.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 49A0443D48 for ; Sun, 16 Oct 2005 09:06:51 +0000 (GMT) (envelope-from cperciva@freebsd.org) Received: from pd5mr5so.prod.shaw.ca (pd5mr5so-qfe3.prod.shaw.ca [10.0.141.181]) by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0IOG0004R3ZEUO60@l-daemon> for freebsd-security@freebsd.org; Sun, 16 Oct 2005 03:06:50 -0600 (MDT) Received: from pn2ml2so.prod.shaw.ca ([10.0.121.146]) by pd5mr5so.prod.shaw.ca (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0IOG00EUN3ZEHY90@pd5mr5so.prod.shaw.ca> for freebsd-security@freebsd.org; Sun, 16 Oct 2005 03:06:50 -0600 (MDT) Received: from [192.168.0.60] (S0106006067227a4a.vc.shawcable.net [24.87.209.6]) by l-daemon (iPlanet Messaging Server 5.2 HotFix 1.18 (built Jul 28 2003)) with ESMTP id <0IOG00K2E3ZE5Y@l-daemon> for freebsd-security@freebsd.org; Sun, 16 Oct 2005 03:06:50 -0600 (MDT) Date: Sun, 16 Oct 2005 02:06:49 -0700 From: Colin Percival In-reply-to: <4351d9bd.6245f154.4f04.ffffb6ef@mx.gmail.com> To: Stephen Major Message-id: <43521829.80109@freebsd.org> MIME-version: 1.0 Content-type: text/plain; charset=ISO-8859-1 Content-transfer-encoding: 7bit X-Accept-Language: en-us, en X-Enigmail-Version: 0.92.1.0 References: <4351d9bd.6245f154.4f04.ffffb6ef@mx.gmail.com> User-Agent: Mozilla Thunderbird 1.0.7 (X11/20051001) Cc: freebsd-security@freebsd.org Subject: Re: GID Games Exploits X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Oct 2005 09:06:51 -0000 Stephen Major wrote: > It has come to my attention that there are quite a few local exploits > circling around in the private sector for GID Games. > > Several of the games have vanilla stack overflows in them which can lead to > elevation of privileges if successfully exploited. As Kris commented, the games group doesn't normally have any significant privileges, so we don't consider bugs of this sort to be major security problems (it's not really an _elevation_ of privileges to become gid games). On the other hand, these are certainly bugs which should get fixed. If you have any details about these, please forward them to secteam@freebsd.org so that we can investigate. Colin Percival FreeBSD Security Officer