It has come to my attention that there are quite a few local exploits circling around in the private sector for GID Games. Several of the games have vanilla stack overflows in them which can lead to elevation of privileges if successfully exploited.
On Sat, Oct 15, 2005 at 09:39:27PM -0700, Stephen Major wrote:> It has come to my attention that there are quite a few local exploits > circling around in the private sector for GID Games. > > > > Several of the games have vanilla stack overflows in them which can lead to > elevation of privileges if successfully exploited.Big deal..that's why they're setgid games (which can only write to game data files) and not setuid anything important :-) Kris -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20051016/5bbd2161/attachment.bin
Stephen Major wrote:> It has come to my attention that there are quite a few local exploits > circling around in the private sector for GID Games. > > Several of the games have vanilla stack overflows in them which can lead to > elevation of privileges if successfully exploited.As Kris commented, the games group doesn't normally have any significant privileges, so we don't consider bugs of this sort to be major security problems (it's not really an _elevation_ of privileges to become gid games). On the other hand, these are certainly bugs which should get fixed. If you have any details about these, please forward them to secteam@freebsd.org so that we can investigate. Colin Percival FreeBSD Security Officer