Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2006-1390 nethack: Local privilege escalation via crafted score file Alias: CVE-2006-1390 https://bugzilla.redhat.com/show_bug.cgi?id=187353 ------- Additional Comments From metcalfegreg@xxxxxxxxx 2008-04-04 13:44 EST ------- My group count is already up to 60, with one user. IMHO, adding another for some random game is not optimal. It only life makes life harder for people writing system profiling/hardening/management tools, and systems administrators that would like to use them to manage groups of machines. A best practice for *writing* SUID/SGID programs is to use those privileges as early as possible, then revoke them. If nethack isn't doing that, I have to wonder what other problems it might have, and whether I should allow it on the system at all. I just installed it, and got this error, as I have no /etc/X11/fontpath.d/: ln: creating symbolic link `/etc/X11/fontpath.d/nethack': No such file or directory error: %post(nethack-3.4.3-16.fc7.i386) scriptlet failed, exit status 1 Installed: nethack.i386 0:3.4.3-16.fc7 Complete! So, another problem. I started it, and find the following files in var/games/nethack: -rw-rw-r-- 1 root games 0 2008-01-23 12:48 logfile -rw-rw-r-- 1 root games 0 2008-01-23 12:48 perm -rw-rw-r-- 1 root games 0 2008-01-23 12:48 record drwxrwxr-x 2 root games 4096 2008-01-23 12:48 save I quit, and logfile contains: 3.4.3 0 0 1 1 14 14 0 20080404 20080404 500 Pri Hum Fem Cha gregm,quit So it does have to write into /var/log, as current designed. Some other characteristics of the executable: $ eu-readelf -l /usr/games/nethack-3.4.3/nethack | fgrep STACK | awk '{ print $7 }' RW eu-readelf -d /usr/games/nethack-3.4.3/nethack | fgrep -q TEXTREL exits with 1, so the program contains no text relocations. So at least those bits are OK. But I wonder if this program couldn't have been better written, to use /tmp, then call a logger before exit. I just don't like the idea of adding yet another group for some random game. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
