Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 129954

Summary: cheating allowed
Product: Gentoo Security Reporter: Carsten Lohrke (RETIRED) <carlo>
Component: VulnerabilitiesAssignee: Gentoo Games <games>
Status: RESOLVED DUPLICATE    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Carsten Lohrke (RETIRED) gentoo-dev 2006-04-14 08:35:15 UTC 
Users playing games have to be in the games group. Games with systemwide highscores install into /var/games with 664, so every user allowed to play games can modify the scores. If he finds an application that doesn't expect arbitrary data as scores to load, he might be able to inject malicious code to be run, when another user loads the scores file next time.
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2006-04-14 09:03:17 UTC 

*** This bug has been marked as a duplicate of 125902 ***