From owner-freebsd-hackers Sat Aug 30 05:18:42 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id FAA14771 for hackers-outgoing; Sat, 30 Aug 1997 05:18:42 -0700 (PDT)
Received: from bitbox.follo.net (bitbox.follo.net [194.198.43.36]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id FAA14763 for ; Sat, 30 Aug 1997 05:18:38 -0700 (PDT)
Received: (from eivind@localhost) by bitbox.follo.net (8.8.6/8.8.6) id OAA06130; Sat, 30 Aug 1997 14:18:32 +0200 (MET DST)
Date: Sat, 30 Aug 1997 14:18:32 +0200 (MET DST)
Message-Id: <199708301218.OAA06130@bitbox.follo.net>
From: Eivind Eklund
To: Alfred Perlstein
CC: perhaps@yes.no, benedict@echonyc.com, freebsd-hackers@FreeBSD.ORG
In-reply-to: Alfred Perlstein's message of Fri, 29 Aug 1997 13:33:11 +0000 (GMT)
Subject: Re: A disturbing discovery
References: <199708290315.FAA06905@bitbox.follo.net>
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> > Could you explain the security problems with games?

Due to the setuid nature of games, a potential problem in games would
make a user able to overwrite other games, and thus gain access to the
accounts of other people that play games. This only applies to the
games ordinarily distributed with the system.

(I don't know of any security holes that are active, but the games
were sloppily written originally, and there might still be holes left.
We caught a lot during the review.)

By changing the games to setgid, we would avoid the problem. I'm
working on a patch now (as I've already exposed the problem, I should
take care of it)

Eivind.
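
An audit sketch of the setuid versus setgid difference described in the message above, added here as an example and not part of the original post or of the FreeBSD patch. The paths, the uid/gid numbers and the `player_uid`/`player_gid` parameters are constructed assumptions, and directory write permissions are not modelled.

```python
import os
import stat

def can_write(euid, egid, mode, uid, gid):
    """Classic Unix check: may a process with this euid/egid modify the file?"""
    if euid == 0 or euid == uid:
        return True  # the owner can always chmod write access back on
    if egid == gid:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

def overwritable_games(entries, player_uid=1001, player_gid=1001):
    """Map each set-id program to the other executables it could overwrite.
    entries: (path, st_mode, st_uid, st_gid); player ids are assumed values."""
    risks = {}
    for path, mode, uid, gid in entries:
        if not mode & (stat.S_ISUID | stat.S_ISGID):
            continue
        # Set-id bits replace the invoking player's effective ids.
        euid = uid if mode & stat.S_ISUID else player_uid
        egid = gid if mode & stat.S_ISGID else player_gid
        targets = sorted(
            p for p, m, u, g in entries
            if p != path and m & 0o111 and can_write(euid, egid, m, u, g)
        )
        if targets:
            risks[path] = targets
    return risks

def scan(directory):
    """Collect the tuples for the regular files in a real directory."""
    rows = []
    for name in sorted(os.listdir(directory)):
        full = os.path.join(directory, name)
        st = os.lstat(full)
        if stat.S_ISREG(st.st_mode):
            rows.append((full, st.st_mode, st.st_uid, st.st_gid))
    return rows

# Constructed sample layouts; uid 7 / gid 13 stand in for "games".
SETUID_LAYOUT = [("/usr/games/rogue", 0o104555, 7, 13),
                 ("/usr/games/hack", 0o104555, 7, 13),
                 ("/var/games/rogue.scores", 0o100664, 7, 13)]
SETGID_LAYOUT = [("/usr/games/rogue", 0o102555, 0, 13),
                 ("/usr/games/hack", 0o102555, 0, 13),
                 ("/var/games/rogue.scores", 0o100664, 0, 13)]

if __name__ == "__main__":
    print(overwritable_games(SETUID_LAYOUT))
    print(overwritable_games(SETGID_LAYOUT))
```

In the setgid layout the score file stays writable through the group bit while the binaries, owned by root and not group-writable, are out of reach of a compromised game.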