Date: Sun, 16 Oct 2005 10:53:19 +0200 From: Jimmy Scott <jimmy@inet-solutions.be> To: Mathieu Arnold <mat@mat.cc> Cc: freebsd-security@freebsd.org, Stephen Major <smajor@gmail.com>, Kris Kennaway <kris@obsecurity.org> Subject: Re: GID Games Exploits Message-ID: <20051016085319.GA11795@ada.devbox.be> In-Reply-To: <4FB7164D6E6041F49E3BEE97@cc-126-240.int.t-online.fr> References: <4351d9bd.6245f154.4f04.ffffb6ef@mx.gmail.com> <20051016044712.GA27867@xor.obsecurity.org> <4FB7164D6E6041F49E3BEE97@cc-126-240.int.t-online.fr>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Sun, Oct 16, 2005 at 10:15:23AM +0200, Mathieu Arnold wrote: > > +-le 16/10/2005 00:47 -0400, Kris Kennaway écrivait : > | On Sat, Oct 15, 2005 at 09:39:27PM -0700, Stephen Major wrote: > |> It has come to my attention that there are quite a few local exploits > |> circling around in the private sector for GID Games. > |> > |> > |> > |> Several of the games have vanilla stack overflows in them which can lead to > |> elevation of privileges if successfully exploited. > | > | Big deal..that's why they're setgid games (which can only write to > | game data files) and not setuid anything important :-) > > It means that I can change my own score to something better, that's very > important :-) No ! It means you could access directory trees where your own group would not have access to, for example on freeshell.org: [sdf] ~> ls -al /usr/pkg/bin/perl -rwx---r-x 2 root users 22246 Aug 7 11:16 /usr/pkg/bin/perl Groups are frequently used for negative permissions, because ACL's would be overkill or not possible on the filesystem in question. > > -- > Mathieu Arnold > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > > -- People usually get what's coming to them ... unless it's been mailed. [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (OpenBSD) iD8DBQFDUhT/gDLTDEgDPT0RAmy6AJ48mB+5l0YOqy8n74ekrOu48LUH0gCfVO05 Oap7AOGwLASpQBXrnTy92LQ= =hwk2 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051016085319.GA11795>