| Summary: | Overkill $HOME environment variable buffer overflow (includes fix) | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Andy Dustman <farcepest> |
| Component: | [OLD] Games | Assignee: | Gentoo Games <games> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | ||
| Priority: | High | ||
| Version: | 1.4 | ||
| Hardware: | All | ||
| OS: | All | ||
| URL: | http://xforce.iss.net/xforce/xfdb/13646 | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Attachments: |
games-action/0verkill/0verkill-0.16-r1.ebuild
games-action/0verkill/files/0.16-HOME-fix.patch |
||
|
Description
Andy Dustman
2003-11-17 12:37:18 UTC
Created attachment 20870 [details]
games-action/0verkill/0verkill-0.16-r1.ebuild
Created attachment 20871 [details, diff]
games-action/0verkill/files/0.16-HOME-fix.patch
I have tested this patch briefly, and it looks correct, but I recommend it be
reviewed further.
although i agree it should be patched (hell ive made patches that use similar code for games that i'll be changing soon :D) i dont see why this is a security vulnerability ... games on Gentoo run as the user, they dont run as other people ... thus a user can buffer overflow their own address space but so what ? :) Andy, Attachment #2 [details] failes to patch clean using Attachment #1 [details] Is this game setuid/setgid? no, we dont set games uid or gid at this time so we'll just treat it as a bugfix now in cvs, thanks for the patch |
