Date:      Fri, 14 Sep 2001 00:08:35 -0400 (EDT)
From:      "Andrew R. Reiter" <arr@watson.org>
To:        freebsd-audit@freebsd.org
Subject:   dungeon master patch
Message-ID:  <Pine.NEB.3.96L.1010914000517.11262A-200000@fledge.watson.org>

--0-161585195-1000440515=:11262
Content-Type: TEXT/PLAIN; charset=US-ASCII

hey,

I just started to go through -current (seemingly on default) s{g,u}id bins
and their source for security vulns.  I found a few definite coding
problems in dungeon master (setgid games ;-)), however, since you can't
specify the config file, they are probably non-exploitable.  but, hey,
it's being installed setgid (even if it is games), might as well use good
coding practice.

the patch is attached, and also can be found at:

  http://www.watson.org/~arr/fbsd-audit/games/dm/dm.c.diff

cheers,
andrew

*-------------.................................................
| Andrew R. Reiter 
| arr@fledge.watson.org
| "It requires a very unusual mind
|   to undertake the analysis of the obvious" -- A.N. Whitehead

--0-161585195-1000440515=:11262
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="dm.c.diff"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.NEB.3.96L.1010914000835.11262B@fledge.watson.org>
Content-Description: 

--0-161585195-1000440515=:11262--
