Re: Quake 2 Linux

From: Greg Alexander (galexandat_private)
Date: Tue Jan 27 1998 - 20:26:53 PST

    On Mon, 26 Jan 1998 kevingeoat_private wrote:
    
    > Vulnerable:
    > Anyone who made Quake2 setuid root in order to use the svgalib software refresh.
    >
    > Solution:
    > chmod u-s quake2, and use ref_softx instead of ref_soft.
    > If you prefer console-based video, you could get GGI
    > (http://synergy.caltech.edu/~ggi/), and use KGI with the SVGAlib wrapper
    > (I haven't tried this).
    
    This is not the proper solution at all.  The proper solution is:
    create a group for trusted people (call it trusted, or console, or
    whatever)
    chown root.trusted quake2
    chmod 4750 quake2
    
            quake2 is not usable in a window.  It is much more proper to limit
    the game to trusted people than to (essentially) remove it entirely.
    
            There is a much more important quake2 hole.  ref_gl.so requires
    quake2 to be suid root (in order to initialize the 3dfx hardware), but it
    /never/ gives up root, so network-related segfaults would allow remote
    exploits of your machine.  There are three solutions here:
            - make a wrapper library for one of the relevant libraries
    (libMesaGL, libvga, anything) to give up root at some appropriate time (what
    a hack).
            - fix libMesaGL (because this is a generic problem with all
    Mesa-based 3dfx apps) to give up root immediately after initializing the
    card.
            - beg for David "Zoid" Kirsch (zoidat_private, his boss is
    johncat_private) to become security-conscious.  (for reference, the
    original svgalib port of quake he was provided with was as secure as svgalib
    games get, then he intentionally moved the vga_init call to a place after
    many files are opened "so I don't get newbies complaining that they can't
    open /dev/mouse.")
    
            /NEVER/ install any game ported by David Kirsch or David Taylor in a
    public setuid manner on a machine used by untrusted people.  The probability
    is well over 95% that root will not be given up until after almost all files
    have been opened.
    
    Greg Alexander - also <gralexanat_private> - http://sietch.home.ml.org/
    ----
    "In Christianity neither morality nor religion come into contact with
    reality at any point."
    -- Friedrich Nietzsche
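
The ordering the message asks for (do the one step that needs root, give up root for good, and only then open files or touch the network), as an added example that is not part of the original post or of the Quake 2, svgalib or Mesa code. `init_privileged_hardware` and `drop_privileges` are hypothetical names, and the hardware step is a stub.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical stand-in for the only step that needs root
 * (the vga_init call or the 3dfx card setup discussed above). */
static int init_privileged_hardware(void) { return 0; }

/* Permanently drop setuid privileges back to the invoking user.
 * Returns 0 on success, -1 if a step fails or cannot be verified. */
int drop_privileges(void)
{
    uid_t ruid = getuid();   /* real uid: the user who ran the binary */
    gid_t rgid = getgid();

    /* Group before user: once root is gone the gid cannot be changed.
     * Supplementary groups are left alone; in a setuid binary they are
     * already those of the invoking user. */
    if (setgid(rgid) != 0) return -1;
    /* With euid 0 this sets real, effective and saved uid together. */
    if (setuid(ruid) != 0) return -1;

    /* Verify instead of trusting the return codes alone. */
    if (geteuid() != ruid || getegid() != rgid) return -1;
    /* A non-root user must not be able to get root back. */
    if (ruid != 0 && setuid(0) == 0) return -1;
    return 0;
}

int main(void)
{
    if (init_privileged_hardware() != 0)
        return EXIT_FAILURE;
    if (drop_privileges() != 0) {
        fputs("could not drop root, refusing to continue\n", stderr);
        return EXIT_FAILURE;
    }
    /* Only from here on: config files, maps, /dev/mouse, sockets,
     * packet parsing. A crash in that code runs as the invoking user. */
    printf("running as uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    return EXIT_SUCCESS;
}
```

Installed root-owned with mode 4750 as in the message, the process reports the invoking user's uid for both values once the drop has run.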
    


