Re: GID Games Exploits
From: Jimmy Scott (jimmy_at_inet-solutions.be)
Date: 10/16/05
- Previous message: Stephen Major: "RE: GID Games Exploits"
- In reply to: Mathieu Arnold: "Re: GID Games Exploits"
- Next in thread: Kris Kennaway: "Re: GID Games Exploits"
- Reply: Kris Kennaway: "Re: GID Games Exploits"
Date: Sun, 16 Oct 2005 10:53:19 +0200
To: Mathieu Arnold <mat@mat.cc>
On Sun, Oct 16, 2005 at 10:15:23AM +0200, Mathieu Arnold wrote:
>
> +-On 16/10/2005 00:47 -0400, Kris Kennaway wrote:
> | On Sat, Oct 15, 2005 at 09:39:27PM -0700, Stephen Major wrote:
> |> It has come to my attention that there are quite a few local exploits
> |> circling around in the private sector for GID Games.
> |>
> |>
> |>
> |> Several of the games have vanilla stack overflows in them which can lead to
> |> elevation of privileges if successfully exploited.
> |
> | Big deal..that's why they're setgid games (which can only write to
> | game data files) and not setuid anything important :-)
>
> It means that I can change my own score to something better, that's very
> important :-)
No! It means you could access directory trees that your own group
would not have access to, for example on freeshell.org:
[sdf] ~> ls -al /usr/pkg/bin/perl
-rwx---r-x 2 root users 22246 Aug 7 11:16 /usr/pkg/bin/perl
Groups are frequently used for negative permissions, because ACLs would
be overkill or not possible on the filesystem in question.
>
> --
> Mathieu Arnold
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>
>
--
People usually get what's coming to them ... unless it's been mailed.
- application/pgp-signature attachment: stored
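
An added audit sketch, not part of the original message or of any FreeBSD code: it lists files whose mode gives "other" rights that the group class lacks (the `-rwx---r-x` pattern in the listing above), along with the setgid executables that such a scheme implicitly relies on being safe. The function names are made up for this example.

```python
import os
import stat
import sys


def denies_group_only(mode):
    """True when 'other' holds permission bits that the group class lacks."""
    group_bits = (mode >> 3) & 0o7
    other_bits = mode & 0o7
    return bool(other_bits & ~group_bits)


def is_setgid_executable(mode):
    """True for a regular file that is setgid and executable by someone."""
    return bool(stat.S_ISREG(mode) and mode & stat.S_ISGID and mode & 0o111)


def audit(root):
    """Walk root and return (negative_perm_entries, setgid_entries).

    Each entry is (path, gid, mode_string). Symlinks are skipped because
    their own mode bits are not used for access checks.
    """
    negative, setgid = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # entry vanished or is unreadable
            if stat.S_ISLNK(st.st_mode):
                continue
            entry = (path, st.st_gid, stat.filemode(st.st_mode))
            if denies_group_only(st.st_mode):
                negative.append(entry)
            if is_setgid_executable(st.st_mode):
                setgid.append(entry)
    return sorted(negative), sorted(setgid)


if __name__ == "__main__":
    neg, sgid = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    for label, entries in (("group-denied", neg), ("setgid", sgid)):
        for path, gid, mode in entries:
            print(f"{label}\t{mode}\tgid={gid}\t{path}")
```

Any gid that appears in the setgid list is a group a user may end up running code as, so a deny-by-group mode in the first list only holds if every binary in the second list is trustworthy.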