Date: Fri, 14 Sep 2001 00:08:35 -0400 (EDT)
From: "Andrew R. Reiter" <arr@watson.org>
To: freebsd-audit@freebsd.org
Subject: dungeon master patch
Message-ID: <Pine.NEB.3.96L.1010914000517.11262A-200000@fledge.watson.org>

hey,

I just started to go through -current (seemingly on default) s{g,u}id bins and their source for security vulns. I found a few definite coding problems in dungeon master (setgid games ;-)), however, since you can't specify the config file, they are probably non-exploitable. but, hey, it's being installed setgid (even if it is games), might as well use good coding practice.

the patch is attached, and also can be found at:

http://www.watson.org/~arr/fbsd-audit/games/dm/dm.c.diff

cheers,
andrew

*-------------.................................................
| Andrew R. Reiter
| arr@fledge.watson.org
| "It requires a very unusual mind
|   to undertake the analysis of the obvious" -- A.N. Whitehead