Re: GID Games Exploits
On Sun, Oct 16, 2005 at 10:15:23AM +0200, Mathieu Arnold wrote:
>
> +-On 16/10/2005 00:47 -0400, Kris Kennaway wrote:
> | On Sat, Oct 15, 2005 at 09:39:27PM -0700, Stephen Major wrote:
> |> It has come to my attention that there are quite a few local exploits
> |> circling around in the private sector for GID Games.
> |>
> |> Several of the games have vanilla stack overflows in them which can lead to
> |> elevation of privileges if successfully exploited.
> |
> | Big deal..that's why they're setgid games (which can only write to
> | game data files) and not setuid anything important :-)
>
> It means that I can change my own score to something better, that's very
> important :-)
No! It means you could access directory trees where your own group
would not have access to, for example on freeshell.org:
[sdf] ~> ls -al /usr/pkg/bin/perl
-rwx---r-x 2 root users 22246 Aug 7 11:16 /usr/pkg/bin/perl
Groups are frequently used for negative permissions, because ACLs would
be overkill or not possible on the filesystem in question.
>
> --
> Mathieu Arnold
--
People usually get what's coming to them ... unless it's been mailed.
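Added example, not part of the original message: a Python audit sketch for the "negative permissions" pattern shown in the listing above, where the group bits grant less than the other bits. The function names and the numeric uid/gid values are assumptions made for illustration; only the mode -rwx---r-x comes from the listing.

```python
import os
import stat
import sys

def effective_bits(mode, f_uid, f_gid, uid, gids):
    """Classic Unix class selection for a non-root process: exactly one of
    owner/group/other applies (superuser override is not modelled)."""
    if uid == f_uid:
        return (mode >> 6) & 7
    if f_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def is_negative_group(mode):
    """True when 'other' holds a permission bit that 'group' lacks."""
    grp, oth = (mode >> 3) & 7, mode & 7
    return (oth & ~grp) != 0

def find_negative_group_files(root):
    """Return sorted (path, mode string) pairs under root whose group is
    denied something that everyone else is allowed."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable entry
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits are not used for access checks
            if is_negative_group(st.st_mode):
                hits.append((path, stat.filemode(st.st_mode)))
    return sorted(hits)

def demo():
    # Constructed values: 0o705 is -rwx---r-x; the ids are made up.
    mode, root_uid, users_gid, games_gid = 0o705, 0, 100, 13
    in_group = effective_bits(mode, root_uid, users_gid, 1001, {users_gid})
    other = effective_bits(mode, root_uid, users_gid, 1001, {games_gid})
    return in_group, other  # group members get 0, everyone else gets r-x

if __name__ == "__main__":
    print("bits (in group, not in group):", demo())
    for path, mode in find_negative_group_files(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(mode, path)
```

Every path the scan reports is a restriction that holds only while a process's credentials still include the file's group, so those files are the ones to review on hosts that also carry setgid binaries.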