Subject: Re: Removing dm(1)
To: Jason Thorpe <firstname.lastname@example.org>
From: Peter Seebach <email@example.com>
Date: 11/18/1997 16:26:27
In message <199711181848.KAA18783@lestat.nas.nasa.gov>, Jason Thorpe writes:
>Ah, thank you. I was hoping this is what you'd tell me. Basically,
>now I can give you an example of significant functionality that
>Curt: I suggest you edit /etc/dm.conf to disallow games that spawn pagers
>until this issue is dealt with. :-)
I do think it's a real exploit, and I'd like to see a real fix...
My suggestion: Add a flag to dm that says that a game knows about and
needs setuid. If it isn't explicitly set, the game runs as the user.
Worst case, we lose high score files until the list is updated.