Hi, [This is a minor problem] On my RedHat Linux systems, cxhextris has a binary called "xhextris", and it runs under the euid "games". -rwsr-xr-x 1 games games 49688 Apr 25 14:02 /usr/X11R6/bin/xhextris A bug in this program will allow local users to subvert the user "games", perhaps using this to then hide their activities (or cheat in the high score table!! :-) Details: The name of the player can optionally be taken from the environment variable "XHEXNAME": xio.c: if ((name = (char *)getenv("XHEXNAME")) == NULL) This can obviously be of an arbitrary length. When a high score is achieved: strcpy(high_scores[i].name, name); This overflows a buffer on the stack of the function main(). At the same time this is fixed, the following should also be fixed: xio.c: #ifdef LOG strcpy(log_message,log_name); log_name can come from getenv("USER") on admittedly rare circumstances. Cheers Chris
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:51:13 PDT