]> granicus.if.org Git - nethack/commit
projects / nethack / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5a87444) | patch
fix #Q101 - score file bullet proofing
authornethack.rankin <nethack.rankin>
Tue, 6 Mar 2007 03:33:49 +0000 (03:33 +0000)
committernethack.rankin <nethack.rankin>
Tue, 6 Mar 2007 03:33:49 +0000 (03:33 +0000)
commit5702e2065d381c90daac5c7b6d853a9a00f0ebed
tree9e598dc99907d97f7278a17cc6a4bf7ca8984b75tree | snapshot
parent5a874440a07b3a59bfec58042261e5f1b0278a42commit | diff
fix #Q101 - score file bullet proofing

     Guard against buffer overflows when reading in score entries, in case
`record' has become corrupted or been maliciously modified.  This addresses
the part of "#Q101: Security bug in nethack 3.4.3" that we have control
over.  A Gentoo bug tracking discussion pointed out to us by <email deleted>, describes how that particular Linux
distribution makes users be members of the games group, allowing them to
modify files in nethack's playground directory when it has been set up in
the usual ``setgid games'' manner, thus making score processing in that
environment be vulnerable to buffer overrun exploits.
doc/fixes34.4 diff | blob | history
src/topten.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.