"A local attacker could pass a long $HOME environment variable to overflow a buffer and execute arbitrary code on the system." I have come up with a fix for this. New ebuild and patch to be attached. Note: I have tested unpatched 0verkill-0.16 and found that I could make it segfault by passing a very long $HOME. Interestingly enough, even with -fstack-protector (gcc-3.3.2-r2) turned on, it still segfaults, and it should abort with a "stack smashing" error message.
Created attachment 20870: games-action/0verkill/0verkill-0.16-r1.ebuild
Created attachment 20871: games-action/0verkill/files/0.16-HOME-fix.patch I have tested this patch briefly, and it looks correct, but I recommend it be reviewed further.
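Added example, not 0verkill's code or the attached patch: a bounded builder for a $HOME-derived path that rejects an oversized HOME rather than copying it into a fixed buffer, exercised with a constructed 4096-byte HOME. The buffer size and file name are assumed. On the missing "stack smashing" message: a canary is only checked when the function returns, so a very long copy that runs off the end of the mapped stack (or overwrites a global or heap buffer) faults before the check ever runs.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example (not 0verkill's code): build "$HOME/.0verkill/config"
 * into a fixed-size buffer without trusting the length of HOME. */
#define PATH_BUF_LEN 256   /* assumed buffer size for the example */
static const char SUFFIX[] = "/.0verkill/config";

/* Returns 0 on success, -1 if HOME is unset/empty or the result would not fit.
 * Rejecting beats truncating: a silently truncated path points somewhere else. */
int build_config_path(const char *home, char *out, size_t outsz)
{
    size_t suffix_len = sizeof SUFFIX - 1;
    size_t home_len;

    if (home == NULL || *home == '\0' || out == NULL || outsz <= suffix_len + 1)
        return -1;
    home_len = strlen(home);
    if (home_len > outsz - 1 - suffix_len)      /* no room for home + suffix + NUL */
        return -1;
    memcpy(out, home, home_len);
    memcpy(out + home_len, SUFFIX, suffix_len + 1);
    return 0;
}

/* Status for a given HOME value, using a PATH_BUF_LEN stack buffer. */
int path_status_for(const char *home)
{
    char path[PATH_BUF_LEN];
    return build_config_path(home, path, sizeof path);
}

/* Status for a constructed HOME made of n 'A' characters (the long-$HOME case). */
int path_status_for_len(size_t n)
{
    char *home = malloc(n + 1);
    if (home == NULL) return -1;
    memset(home, 'A', n);
    home[n] = '\0';
    int status = path_status_for(home);
    free(home);
    return status;
}

int main(void)
{
    printf("/home/user -> %d\n", path_status_for("/home/user"));      /* 0: accepted */
    printf("4096-byte HOME -> %d\n", (int)path_status_for_len(4096)); /* -1: rejected */
    return 0;
}
```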
Although I agree it should be patched (hell, I've made patches that use similar code for games that I'll be changing soon :D), I don't see why this is a security vulnerability ... games on Gentoo run as the user, they don't run as other people ... thus a user can buffer overflow their own address space, but so what? :)
Andy, Attachment #2 fails to patch cleanly using Attachment #1. Is this game setuid/setgid?
No, we don't set games uid or gid at this time, so we'll just treat it as a bugfix.
Now in CVS, thanks for the patch.