
Bug 122376

Summary: games-roguelike/nethack: insecure save game creation
Product: Gentoo Security
Reporter: Tavis Ormandy (RETIRED) <taviso>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE
Severity: minor
CC: games
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B3 [ebuild+]
Package list:
Runtime testing required: ---

Description Tavis Ormandy (RETIRED) gentoo-dev 2006-02-10 07:55:14 UTC
As Gentoo doesn't follow the standard of setting games to setgid a low-privileged group, any user in group games can create symlinks in /var/games/nethack/save, allowing them to trick other users into overwriting or creating files.

reproduce:

cd /var/games/nethack/save
ln -s /any/file/victim/owns <uid><username>.bz2

Now get the victim to run nethack; when they save their game, the target file will be overwritten or created.

This only affects Gentoo, and is not a bug in nethack.
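
The failure mode reported above, next to one way a program writing into a shared save directory can refuse it. This is an added example, not nethack or Gentoo code and not the fix adopted for this bug; `write_save`, `victim_file_clobbered`, the temporary directory and the save name `1000alice.bz2` are constructed for illustration.

```c
/* Added example with constructed paths; not nethack or Gentoo code. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write a save file. harden=0 follows a symlink at `path`; harden=1 refuses it. */
static int write_save(const char *path, const char *data, int harden) {
    int fd = open(path, O_WRONLY | O_CREAT | (harden ? O_NOFOLLOW : O_TRUNC), 0600);
    if (fd < 0) return -errno;   /* ELOOP when hardened and path is a symlink */
    struct stat st;
    /* Hardened: accept only a regular, singly linked file we own, then truncate. */
    if (harden && (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1 ||
                   st.st_uid != geteuid() || ftruncate(fd, 0) != 0)) {
        close(fd);
        return -EPERM;
    }
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -EIO;
}

/* Constructed scenario: a symlink under the save name points at a file the
   victim owns. Returns 1 if that file's content changed, 0 if it survived. */
static int victim_file_clobbered(int harden) {
    char dir[] = "/tmp/savedemoXXXXXX", target[64], save[64], buf[32] = "";
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/victim.txt", dir);
    snprintf(save, sizeof save, "%s/1000alice.bz2", dir);
    if (write_save(target, "precious", 0) != 0 || symlink(target, save) != 0)
        return -1;
    write_save(save, "SAVEGAME", harden);   /* the victim "saves the game" */
    FILE *f = fopen(target, "r");
    if (f) { if (!fgets(buf, sizeof buf, f)) buf[0] = '\0'; fclose(f); }
    unlink(save); unlink(target); rmdir(dir);
    return strcmp(buf, "precious") != 0;
}

int main(void) {
    printf("naive clobbered=%d hardened clobbered=%d\n",
           victim_file_clobbered(0), victim_file_clobbered(1));
    return 0;
}
```

The hardened path only protects the final path component; a save directory that untrusted users can write to still lets them delete or pre-create entries, so the directory permissions remain the real control.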
Comment 1 Chris Gianelloni (RETIRED) gentoo-dev 2006-02-10 12:13:09 UTC
See, this is not *at all* what you explained to me this morning.  Had you used *this* example, you would have convinced me that *something* needs to be done to resolve this.  I'm still not convinced that setgid is the answer, but something should be done. =]
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2006-02-11 14:01:26 UTC
Games team, please advise
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2006-02-21 09:50:17 UTC
Late.
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2006-03-12 03:41:49 UTC
Regrouping nethack / group games issues.

*** This bug has been marked as a duplicate of 125902 ***