Date:      Wed, 8 Mar 2000 00:42:26 -0800 (PST)
From:      Kris Kennaway <kris@hub.freebsd.org>
To:        security@freebsd.org
Cc:        ports@freebsd.org
Subject:   cvs commit: ports/games/omega Makefile (fwd)
Message-ID:  <Pine.BSF.4.21.0003080033520.70163-100000@hub.freebsd.org>

I'm not going to generate a security advisory about this, but reinstall
this port if you have it.

In general, if you have anything installed which is setuid games on a
multiuser machine, it's a good candidate for removal (games aren't the
most securely-programmed things):

find /usr/local/bin -user games -perm -4000

Ports maintainers who own such a file (please check the above!) please
make the necessary changes to install it setgid games, not setuid foo.

A user who exploits a game binary to get the games group probably can't do
much apart from alter game score/save files (although this still might be
a security risk if you can convince the game to somehow execute code you
put in the file), whereas if they have setuid games they can trojan the
binary directly for the next user.

Kris
Ports Security Officer

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>

---------- Forwarded message ----------
Date: Wed, 8 Mar 2000 00:33:23 -0800 (PST)
From: Kris Kennaway <kris@FreeBSD.org>
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: ports/games/omega Makefile

kris        2000/03/08 00:33:22 PST

  Modified files:
    games/omega          Makefile 
  Log:
  Install this port setgid games, not setuid games.
  
  No response from:	Maintainer
  
  Revision  Changes    Path
  1.4       +7 -6      ports/games/omega/Makefile
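
The audit suggested in the message, as an added example that is not part of the original e-mail or the FreeBSD ports tree. It goes beyond the one-line find by also listing setgid files and flagging group-writable ones, which a process holding the group could overwrite. The function names and output labels are assumptions of this example.

```sh
#!/bin/sh
# Added example: classify setuid/setgid game binaries in a directory.
# Function names and output labels are assumptions of this example.

# Files owned by user $2 with the setuid bit set: a compromised process runs
# with that uid, owns the binary, and can rewrite it for the next user.
setuid_owned() {
    find "$1" -type f -user "$2" -perm -4000 -print
}

# Files with group $2 that are setgid but not setuid.
# $3 selects the group-writable ones ("writable") or the rest ("readonly").
setgid_group() {
    if [ "$3" = writable ]; then
        find "$1" -type f -group "$2" -perm -2000 ! -perm -4000 -perm -0020 -print
    else
        find "$1" -type f -group "$2" -perm -2000 ! -perm -4000 ! -perm -0020 -print
    fi
}

# Print one labelled line per finding in directory $1 for user $2, group $3.
audit_setid() {
    dir=$1 user=$2 group=$3
    setuid_owned "$dir" "$user"           | sed 's/^/SETUID-REPLACEABLE /'
    setgid_group "$dir" "$group" writable | sed 's/^/SETGID-GROUP-WRITABLE /'
    setgid_group "$dir" "$group" readonly | sed 's/^/SETGID /'
}

# Run only when a directory is given, e.g.: sh audit.sh /usr/local/bin games games
if [ "$#" -ge 1 ]; then
    audit_setid "$1" "${2:-games}" "${3:-games}"
fi
```
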
