Re: Quake 2 Linux 3.13 (and lower) allow users to read arbitrary

From: William T Wilson (fluffyat_private)
Date: Wed Feb 25 1998 - 11:52:15 PST

Next message: Dave: "Q2-wrapper make Quake2 behave"

Previous message: J.A. Gutierrez: "Re: /usr/dt/bin/dtappgather exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 25 Feb 1998 kevingeoat_private wrote:

> Vulnerable:
> Everyone who followed the installation instructions and made Quake2 setuid
> root.

To the best of my knowledge, Quake2 suffers from the same bug that squake
suffers from.  You can use the -gamedir option (or its quake 2 equivalent)
to make squake cough up a root shell using a standard buffer overflow
exploit.  I don't believe Zoid altered this for quake 2.  I don't think he
cares about security at all.

I wouldn't install anything of Zoid's setuid root without making it
group-owned by a trusted group and mode 4750.

This new exploit of yours even allows you to do evil things with Zoidware
even if it is installed with a wrapper.  :\  (Unless you want to make your
wrapper check all the file permissions too)

Next message: Dave: "Q2-wrapper make Quake2 behave"
Previous message: J.A. Gutierrez: "Re: /usr/dt/bin/dtappgather exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:43:18 PDT