Hello everyone. Doesn't the included text from the advisory really make it sound more like a problem with their system for managing games? It doesn't point out any flaw in nethack in general, just behavior that's unexpected/unwanted/uncontrollable in their system. Are any other distributions/platforms vulnerable to a problem in nethack like this? Sounds like it'd be big news, considering the install base of these games. If this problem is on their end, are other games/applications able to trigger it? They've essentially wiped these fundamental applications (sorry) off their tree for the time being, that's pretty severe. Does anyone have any insight into this? I'm a big nethack fan.. Thanks. -- J.Roberts (Neeko) > > Description > =========== > > NetHack, Slash'EM and Falcon's Eye have been found to be incompatible > with the system used for managing games on Gentoo Linux. As a result, > they cannot be played securely on systems with multiple users. > > Impact > ====== > > A local user who is a member of group "games" may be able to modify the > state data used by NetHack, Slash'EM or Falcon's Eye to trigger the > execution of arbitrary code with the privileges of other players. > Additionally, the games may create save game files in a manner not > suitable for use on Gentoo Linux, potentially allowing a local user to > create or overwrite files with the permissions of other players. >
