On Fri, Feb 19, 1999 at 06:10:00PM +0000, Chris Evans wrote: [ snip zgv security discussion ] > > This latter hole was interesting. It demonstrated that while an SVGAlib > application drops root privileges after initializing, it is still > vulnerable to buffer overflows because the program holds a vital resource; > a writeable file descriptor to /dev/mem. This applies to all SVGAlib > programs. > I've just tested, and this applies to quake 2. This is particularly bad, as quake 2 supports user written .so files. Quake 2 drops root privileges before loading them, but now it would appear that they can get root back. Alistair Cunningham (who's just chmodded -s quake2) -- -------------------------------------------------------------------------- Alistair Cunningham Selwyn College, Cambridge Email: ac212at_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:36:44 PDT