Quake2 does not support user written shared objects. It only reads out of the dir in /etc/quake2.conf. As for multiplayer games, quake2 modifications are server-side, ergo, the server admin should be worried about security(AND NOT running quake2 -dedicated as root). If you let users write to the dir that suid apps read from, you're asking for more trouble than anything else. ------------ January 1998 -- Cure for cancer found when researchers seach on AltaVista for "+cure.for.cancer." --http://random.gimp.org --mailto:randomat_private --UIN 23939474 --Try "talk randomat_private" sometime =) On Sat, 20 Feb 1999, Alistair Cunningham wrote: > On Fri, Feb 19, 1999 at 06:10:00PM +0000, Chris Evans wrote: > > [ snip zgv security discussion ] > > > > > This latter hole was interesting. It demonstrated that while an SVGAlib > > application drops root privileges after initializing, it is still > > vulnerable to buffer overflows because the program holds a vital resource; > > a writeable file descriptor to /dev/mem. This applies to all SVGAlib > > programs. > > > > I've just tested, and this applies to quake 2. This is particularly bad, > as quake 2 supports user written .so files. Quake 2 drops root privileges > before loading them, but now it would appear that they can get root back. > > > Alistair Cunningham (who's just chmodded -s quake2) > > -- > -------------------------------------------------------------------------- > Alistair Cunningham Selwyn College, Cambridge Email: ac212at_private >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:37:04 PDT