nethack creates several private files with permissions specified by the #define FCMASK. These files include save game files, bones files, and level files while a game is in progress. include/unixconf.h defines FCMASK to 0660. nethack is setuid, but runs as the group of the user who started it. Therefore users can modify their own save games, bones files, and level files. At best this allows users to cheat on the high score list. At worst this allows privilege escalation into the 'games' uid, or into other users who also run nethack. I am assuming that nethack is not robust in restoring save game files. It certainly performs some pointer juggling that looks unsafe.

Changing these permissions to 0600 with the patch below works for me.

*** /usr/portage/app-games/nethack/nethack-3.4.0-r6.ebuild.old Fri Feb 21 21:27:21 2003 --- /usr/portage/app-games/nethack/nethack-3.4.0-r6.ebuild Fri Feb 21 21:33:52 2003 *************** *** 52,53 **** --- 52,54 ---- sed -e 's:^/\* \(#define LINUX\) .*:\1:' \ + -e 's/0660/0600/' \ -e 's:^/\* \(#define TIMED_DELAY\) .*:\1:' \
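Review bot: the added `-e 's/0660/0600/'` is unanchored, so it rewrites the first `0660` on any line of the header the sed command edits, not only the `#define FCMASK` line the report describes; the neighbouring expressions are anchored to their define (`s:^/\* \(#define LINUX\) .*:\1:`), and this one should be too, e.g. `-e 's/^\(#define FCMASK[[:space:]]*\)0660/\10600/'`, so an unrelated literal 0660 elsewhere in the file is left alone. The hunk also does not show which file the sed pipeline targets, so it is worth confirming it is the include/unixconf.h named in the report rather than another header that happens to contain 0660.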
I removed the setuid bit ... could you see if it'll work for you now? http://cvs.gentoo.org/cgi-bin/viewcvs.cgi/gentoo-x86/app-games/nethack/nethack-3.4.1.ebuild.diff?r1=1.6&r2=1.7
I've removed the setuid bit and the mask stays the same ... so people in the games group can still modify the files. I guess the better route here would be to have nethack save individual stuff in ~/ ... re-open if you'd like more to be done on this ...