To: gentoo-user@lists.gentoo.org
From: nunojsilva@ist.utl.pt (Nuno J. Silva)
Subject: [gentoo-user] Re: gentoo netheck
Date: Wed, 02 Jan 2013 16:30:01 +0200

On 2013-01-02, Philip Webb wrote:

> 130102 Nuno J. Silva wrote:
>> On 2013-01-01, Bryan Gardiner wrote:
>>> Today I wanted to install nethack and found it is masked:
>> If you're the only user of your computer, you could also just unmask
>> the version in Portage. The bug is that any user in the games group
>> can edit all save files, so if you want to hack your own saves, go ahead.
>> The main problem is not the cheating, but that nethack does not employ
>> any kind of checks on the scores file when reading it, this effectively
>> enables an attack vector where anyone with access to the scores file can
>> exploit vulnerabilities in nethack simply by writing a specially-crafted
>> score file.
>> Nethack just relies on being setgid to a group and installing the scores
>> file as writeable by that group. Unfortunately, that happens to be the
>> very same "games" group Gentoo uses to group users who are allowed to
>> play games, therefore rendering nethack's protection useless.
>
> Does the insecurity extend beyond Nethack itself ?
> -- if not, hard-masking it seems a bit draconian:
> it sb quite safe on a single-user system.

It's an attack vector. If it is exploited, it extends to your whole
account, plus any system/service whose passwords/credentials are stored
in your files.

Now if it's a single-user system, the attacker would need to already
have access to a user in the games group in your system, and the only
account in that group is likely yours, so I doubt there would be a big
issue.

-- 
Nuno Silva (aka njsg)
http://njsg.sdf-eu.org/
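
The shared-group condition described in the quoted text above, written as an audit check. This is an added example, not part of the original message or of nethack or Gentoo; the account names, gids, file mode and the `direct_writers` helper are constructed for illustration.

```python
import stat

# Constructed /etc/group and /etc/passwd excerpts (all names and ids are assumptions).
GROUP_DB = """\
root:x:0:
games:x:35:alice,bob
nethack:x:405:
"""
PASSWD_DB = """\
root:x:0:0:root:/root:/bin/bash
games:x:36:35:games:/usr/games:/bin/false
alice:x:1000:100::/home/alice:/bin/bash
bob:x:1001:100::/home/bob:/bin/bash
"""
NON_LOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}


def group_members(gid, group_db, passwd_db):
    """Accounts in gid: supplementary members plus accounts whose primary group it is."""
    members = set()
    for line in group_db.strip().splitlines():
        _name, _pw, g, users = line.split(":")
        if int(g) == gid:
            members.update(u for u in users.split(",") if u)
    for line in passwd_db.strip().splitlines():
        fields = line.split(":")
        if int(fields[3]) == gid:
            members.add(fields[0])
    return members


def direct_writers(mode, gid, group_db=GROUP_DB, passwd_db=PASSWD_DB):
    """Login accounts that can write a group-writable file directly,
    without going through the setgid program that is meant to guard it."""
    if not mode & stat.S_IWGRP:
        return []
    shells = {f[0]: f[6] for f in
              (l.split(":") for l in passwd_db.strip().splitlines())}
    return sorted(u for u in group_members(gid, group_db, passwd_db)
                  if shells.get(u) not in NON_LOGIN_SHELLS)


if __name__ == "__main__":
    # Score file with mode 0664, owned by the shared group vs. a dedicated one.
    for label, gid in (("shared 'games' group", 35), ("dedicated group", 405)):
        print(label, "->", direct_writers(0o664, gid))
```

An empty result means only the setgid program (and the file's owner) can modify the file; any listed account can hand-edit it.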