Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 122376 - games-roguelike/nethack: insecure save game creation
Summary: games-roguelike/nethack: insecure save game creation
Status: RESOLVED DUPLICATE of bug 125902
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [ebuild+]
Depends on:
Reported: 2006-02-10 07:55 UTC by Tavis Ormandy (RETIRED)
Modified: 2006-03-12 03:41 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Tavis Ormandy (RETIRED) gentoo-dev 2006-02-10 07:55:14 UTC
As gentoo doesnt follow the standard of setting games to setgid a low privileged group, any user in group games can create symlinks in /var/games/nethack/save, allowing them to trick other users to overwriting or creating files.


cd /var/games/nethack/save
ln -s /any/file/victim/owns <uid><username>.bz2

now get victim to run nethack, when they save their game target file will be overwritten or created.

This only affects gentoo, and is not a bug in nethack.
Comment 1 Chris Gianelloni (RETIRED) gentoo-dev 2006-02-10 12:13:09 UTC
See, this is not *at all* what you explained to me this morning.  Had you used *this* example, you would have convinced me that *something* needs to be done to resolve this.  I'm still not convinced that setgid is the answer, but something should be done. =]
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2006-02-11 14:01:26 UTC
Games team, please advise
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2006-02-21 09:50:17 UTC
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2006-03-12 03:41:49 UTC
Regrouping nethack / group games issues.

*** This bug has been marked as a duplicate of 125902 ***