Bugtraq mailing list archives
Re: Vunerability in Lizards game
From: levine () yoyo org (Neil Levine)
Date: Mon, 17 Nov 1997 19:30:31 +0000
On Thu, Nov 13, 1997 at 12:19:34PM -0500, Kragen "Skewed" Sitaker mumbled:
Yes, but as you point out in your post, programs running with svgalib under ioperm maintain an open fd to /dev/mem -- so if one can compromise them, then one can get root, patch the kernel without getting root, or whatever.
I forwarded the above threads to the author who did try posting onto this list but they havent appeared so here is his response: ------------------------------------------------------------------- Yikes! As author (some time ago) of lizards, I'd like to point out that my install script (which I believe is still distributed in the archive) did *not* set the user Id of the game to root. I was working on the assumption that anyone playing SVGAlib games (at a time when SVGAlib wasn't exactly stable) would (a) not be runing them on an important machine, and (b) be able to run it via sudo as they were probably (at the time) the woners of the machine, using it at home. In the two years since it was written, I haven't developed any SVGAlib software at all, simply because of the security implications. Now that Linux is gaining popularity in the commercial world (our nameserver is a Linux box), I find it a bit strange that SVGAlib games are still in distribution anyway. I'm not sure why Pat Volkerding set it up to install setuid root, though - that does seem like a bit of a kludge for a major distribution - but then again, my system("clear") wasn't particularly elegant either. How about system("/usr/bin/clear")? John M Dow -- -------------------------------------------------------------------- Neil Levine Yoyo Internet Services levine () yoyo org http://www.yoyo.org "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." - Richard Feynman --------------------------------------------------------------------
Current thread:
- Re: Intel Pentium Bug, (continued)
- Re: Intel Pentium Bug Peter Bierman (Nov 08)
- Re: Intel Pentium Bug Aleph One (Nov 08)
- Microsoft Office security bug Aleph One (Nov 07)
- Re: Microsoft Office security bug Inigo Gonzalez (Nov 11)
- What were the opcodes to hang a Pentium again? (fwd) Darren Reed (Nov 11)
- Re: Microsoft Office security bug Aleph One (Nov 11)
- Vunerability in Lizards game SUID (Nov 11)
- Re: Vunerability in Lizards game Alex Murray (Nov 12)
- Re: Vunerability in Lizards game Olaf Titz (Nov 13)
- Re: Vunerability in Lizards game Kragen \ (Nov 13)
- Re: Vunerability in Lizards game Neil Levine (Nov 17)
- Re: Vunerability in Lizards game Joe Zbiciak (Nov 18)
- Re: Vunerability in Lizards game Zoltan Hidvegi (Nov 18)
- Major Security Flaw in Cybercash 2.1.2 Kerri Kraft (Nov 19)
- IP DOS attacks -- Win95 and WinNT Paul Leach (Nov 18)
- Microsoft Office security bug Aleph One (Nov 07)
- Updating microcode on the fly Superuser (Nov 12)
- Re: Updating microcode on the fly Jyri Kaljundi (Nov 12)
- solaris 251 & syslogd Michael Helm (Nov 12)
- Re: solaris 251 & syslogd Richard Peters (Nov 12)
- Re: solaris 251 & syslogd Dave Kinchlea (Nov 12)
- CERT Advisory CA-97.25 - REVISED- Code Correction Aleph One (Nov 12)