Date:      Thu, 22 Nov 2001 02:48:13 -0800
From:      Kris Kennaway <kris@obsecurity.org>
To:        Anthony Atkielski <anthony@freebie.atkielski.com>
Cc:        FreeBSD Questions <freebsd-questions@FreeBSD.ORG>, freebsd-security@FreeBSD.ORG
Subject:   Re: setuid on nethack?
Message-ID:  <20011122024813.A24038@xor.obsecurity.org>
In-Reply-To: <014201c17336$40653f90$0a00000a@atkielski.com>; from anthony@freebie.atkielski.com on Thu, Nov 22, 2001 at 10:15:37AM +0100
References:  <014201c17336$40653f90$0a00000a@atkielski.com>

On Thu, Nov 22, 2001 at 10:15:37AM +0100, Anthony Atkielski wrote:
> This morning I see an e-mail from the system telling me that setuid is set on
> nethack, the adventure-style game that I installed recently.  Why would this
> game require this bit?  I reset it with chmod 0544, which seems like plenty to

On multiuser systems the nethack binary needs the ability to write
saved games and score files, when nethack is run by a variety of
different users.  This is the case for a lot of games; a while back I
went through and did a sweep to make sure that any games which require
extra privilege for this purpose are using setgid games, not setuid
anything (because the games gid only has the power to overwrite the
score/save files for the games, and cannot take over any binaries
directly as it could if they were setuid).  Thus, it's only a marginal
risk on a multiuser system (but still a slight risk, as with all
binaries which execute with privilege).  If you're on a single-user
system then none of this should concern you anyway.  If it does
concern you then feel free to pkg_delete :-)

Kris


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011122024813.A24038>
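
The following is an added example, not part of the message above and not FreeBSD's own tooling: a Python audit in the spirit of the sweep the message describes, flagging binaries that are setuid rather than setgid `games`. The verdict labels, the function names and the extra group-writable check (which tests the message's premise that the games gid cannot overwrite the binaries themselves) are assumptions of this example; the directory to scan is given on the command line.

```python
import grp
import os
import stat
import sys

GAMES_GROUP = "games"  # group named in the message; everything else here is illustrative

def classify(mode, group):
    """Classify one file by its privilege bits (mode as returned by lstat)."""
    if not stat.S_ISREG(mode):
        return "skip"                      # directories, symlinks, devices
    if mode & stat.S_ISUID:
        return "setuid"                    # runs as the file's owner
    if mode & stat.S_ISGID:
        # setgid games only gains the games gid; any other group needs review
        return "setgid-games" if group == GAMES_GROUP else "setgid-other"
    return "unprivileged"

def gid_to_name(gid):
    """Resolve a gid to a group name, falling back to the number."""
    try:
        return grp.getgrgid(gid).gr_name
    except KeyError:
        return str(gid)

def audit(root):
    """Return (verdict, path) pairs for files under root that need attention."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)            # lstat: never follow symlinks
            verdict = classify(st.st_mode, gid_to_name(st.st_gid))
            if verdict in ("setuid", "setgid-other"):
                findings.append((verdict, path))
            elif verdict == "setgid-games" and st.st_mode & stat.S_IWGRP:
                # the games gid could rewrite this binary, not just score files
                findings.append(("setgid-games-group-writable", path))
    return findings

if __name__ == "__main__":
    for verdict, path in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{verdict}\t{path}")
```

A binary that is setgid `games` and not group-writable produces no finding, which matches the arrangement the message describes.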