Subject: Re: /usr/games question
To: Isaac Wagner-Muns <fubar22@gmail.com>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: netbsd-users
Date: 12/26/2006 12:02:02

On Mon, 25 Dec 2006 14:18:15 -0600
Isaac Wagner-Muns <fubar22@gmail.com> wrote:

> Can the games in /usr/games be used to compromise a system? They are
> setuid, so I'm a little worried, and it never hurts to be paranoid! :)
> 

I see nothing there setuid, only setgid.  That does make a difference,
but in any event I think you're safe.

setuid or setgid mean "run this program with different permissions".
The security risk is that an attacker can then execute something else
with those permissions.

In this case a few games are setgid 'games'.  This means that a flaw
lets an attacker have permission of group 'games'.  The issue is what
rights that provides -- and the answer is "virtually none".  As best I
can tell, it lets the attacker read /usr/games/hide (empty on my
machine).

Possibly, some game creates a file that is owned by a player, but has
group 'games' write permission.  An attacker could overwrite that file,
leaving in it something that would trigger a flaw in the game that
reads it, allowing the attacker indirect access to the privileges of the
user who invoked that game.  It's possible, but I don't know if any of
the games creates such files.

It's good that none of the games are setuid.  If they were, an attacker
who gained the permissions of the game's owner could overwrite the game
file that would attack whoever else invoked the game.

I see no risk to the system itself except as I've just described.


		--Steve Bellovin, http://www.cs.columbia.edu/~smb
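
[Added example, not part of the original message or of NetBSD: a small audit that answers the question the reply poses, "what rights does group 'games' provide?". It lists the set-id files in a directory, the files a group can write, and the files readable only through that group; the function names and the usage line are assumptions made for this illustration.]

```sh
#!/bin/sh
# Added illustration: enumerate what a set-id directory and its group expose.
# Usage (assumed invocation): sh audit.sh /usr/games games [extra-root ...]

# Print "setuid <path>" / "setgid <path>" for regular files under $1.
# setuid (04000) borrows the owner's rights, setgid (02000) the group's.
list_setid() {
    find "$1" -type f -perm -4000 -print 2>/dev/null | sed 's/^/setuid /'
    find "$1" -type f -perm -2000 -print 2>/dev/null | sed 's/^/setgid /'
}

# Files under the given roots that group $1 may write. A flaw in a program
# that is setgid to $1 would let its user modify exactly these files.
group_writable() {
    grp=$1; shift
    find "$@" -type f -group "$grp" -perm -020 -print 2>/dev/null
}

# Files the group can read but "other" cannot: the only data a setgid
# flaw would newly disclose (the /usr/games/hide case in the reply).
group_only_readable() {
    grp=$1; shift
    find "$@" -type f -group "$grp" -perm -040 ! -perm -004 -print 2>/dev/null
}

# Run the three checks only when a directory and a group are given.
if [ "$#" -ge 2 ]; then
    dir=$1; grp=$2; shift 2
    echo "== set-id files in $dir";            list_setid "$dir"
    echo "== files writable by group $grp";    group_writable "$grp" "$dir" "$@"
    echo "== files readable only via $grp";    group_only_readable "$grp" "$dir" "$@"
fi
```

An empty second and third section means a setgid flaw gains the group nothing; a "setuid" line in the first section is the case the reply calls out as the riskier one.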