[436] in linux-security and linux-alert archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Minor security problem.

daemon@ATHENA.MIT.EDU (owner-linux-security@tarsier.cv.nr)
Mon Oct 30 11:54:32 1995

From: owner-linux-security@tarsier.cv.nrao.edu
Date: Mon, 30 Oct 1995 11:07:35 GMT
To: linux-security@tarsier.cv.nrao.edu

The Linux version of Zorst's Yahtzee due to its age has a

#if 0
	rename(....
#else
	system("mv ... ..

#endif

In it. This means its rather easy to exploit if installed setuid games
for its score file. I've fixed this , colourised it and switchd it to 
ncurses. The announce mentions a minor security fix but doesn't say what -
so now you will know.

Alan


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[436] in linux-security and linux-alert archive

Minor security problem.

daemon@ATHENA.MIT.EDU (owner-linux-security@tarsier.cv.nr)Mon Oct 30 11:54:32 1995

daemon@ATHENA.MIT.EDU (owner-linux-security@tarsier.cv.nr)
Mon Oct 30 11:54:32 1995