The OpenNET Project
 


Quake 2 Linux 3.13 (and lower) allow users to read arbitrary files


X-RDate: Thu, 26 Feb 1998 14:24:19 +0500 (ESK)
Date: Wed, 25 Feb 1998 14:52:15 -0500
From: William T Wilson <fluffy@DUNADAN.COM>
To: BUGTRAQ@NETSPACE.ORG
Subject: Re: Quake 2 Linux 3.13 (and lower) allow users to read arbitrary files

On Wed, 25 Feb 1998 kevingeo@CRUZIO.COM wrote:

> Vulnerable:
> Everyone who followed the installation instructions and made Quake2 setuid
> root.

To the best of my knowledge, Quake2 suffers from the same bug that squake
suffers from.  You can use the -gamedir option (or its quake 2 equivalent)
to make squake cough up a root shell using a standard buffer overflow
exploit.  I don't believe Zoid altered this for quake 2.  I don't think he
cares about security at all.

I wouldn't install anything of Zoid's setuid root without making it
group-owned by a trusted group and mode 4750.

This new exploit of yours even allows you to do evil things with Zoidware
even if it is installed with a wrapper.  :\  (Unless you want to make your
wrapper check all the file permissions too)
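
The mode 4750 and trusted-group advice above, as an added example that is not part of the original post: a shell audit that flags set-uid files any local user can run. `TRUSTED_GROUP` and its default `games` are assumptions, and `stat -c` is GNU coreutils syntax.

```shell
#!/bin/sh
# Added example: audit set-uid files against the "mode 4750, trusted group" advice.
# Assumptions: TRUSTED_GROUP (default "games") is a hypothetical group name;
# stat -c is GNU coreutils syntax.
TRUSTED_GROUP="${TRUSTED_GROUP:-games}"

# classify_mode OCTAL -> not-setuid | world-accessible | group-restricted
classify_mode() {
    mode=$(( 0$1 ))                     # leading 0 makes the shell read it as octal
    if [ $(( mode & 04000 )) -eq 0 ]; then
        echo not-setuid
    elif [ $(( mode & 0007 )) -ne 0 ]; then
        echo world-accessible           # 4755, 4711: every local user can run it
    else
        echo group-restricted           # 4750: only owner and group members can
    fi
}

# audit_file PATH -> prints one report line; returns 1 if the file needs attention
audit_file() {
    info=$(stat -c '%a %U %G' -- "$1") || return 2
    set -- "$1" $info                   # $2=mode $3=owner $4=group
    verdict=$(classify_mode "$2")
    status=0
    case "$verdict" in
        world-accessible) status=1 ;;
        group-restricted)
            if [ "$4" != "$TRUSTED_GROUP" ]; then
                verdict=untrusted-group
                status=1
            fi ;;
    esac
    printf '%s mode=%s owner=%s group=%s %s\n' "$1" "$2" "$3" "$4" "$verdict"
    return "$status"
}

# audit_tree DIR -> audit every set-uid regular file below DIR
audit_tree() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | while IFS= read -r f; do
        audit_file "$f" || true
    done
}
```

Run `audit_tree /usr/local` (or any install prefix) to list each set-uid file with its verdict.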
