Date: Tue, 23 Apr 2002 19:10:03 -0700 (PDT) From: Kris Kennaway <kris@obsecurity.org> To: freebsd-ports@FreeBSD.org Subject: Re: ports/37400: The cosmo game contains unchecked buffers Message-ID: <200204240210.g3O2A3a50758@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR ports/37400; it has been noted by GNATS. From: Kris Kennaway <kris@obsecurity.org> To: Niels Heinen <niels.heinen@ubizen.com> Cc: freebsd-gnats-submit@FreeBSD.ORG Subject: Re: ports/37400: The cosmo game contains unchecked buffers Date: Tue, 23 Apr 2002 19:02:32 -0700 On Tue, Apr 23, 2002 at 02:52:10PM -0700, Niels Heinen wrote: > > >Number: 37400 > >Category: ports > >Synopsis: The cosmo game contains unchecked buffers > >Confidential: no > >Severity: serious > >Priority: medium > >Responsible: freebsd-ports > >State: open > >Quarter: > >Keywords: > >Date-Required: > >Class: sw-bug > >Submitter-Id: current-users > >Arrival-Date: Tue Apr 23 15:00:03 PDT 2002 > >Closed-Date: > >Last-Modified: > >Originator: Niels Heinen > >Release: 4.5 > >Organization: > >Environment: > FreeBSD lappie 4.5-STABLE FreeBSD 4.5-STABLE #0: Thu Apr 18 02:05:19 CEST 2002 root@lappie:/usr/obj/usr/src/sys/GENERIC i386 > > >Description: > > > The cosmo game, which is installed setgid games can be cause > to segfault trought the -display and -bg parameters. Additionally, > during some test it tried to free() memory that was already given back > to the system. FYI, this isn't a serious security problem precisely because it's setgid games, and not setuid anything (the games group has no privileges except to write to score/save files). You might already be aware of this. Thanks for the patch though. Kris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200204240210.g3O2A3a50758>