Curse you Debian! Your programs are too secure...
So I was looking over some setgid binaries last night, seeing if there were any obvious security bugs.
Up popped omega-rpg - a fun game I've recently been playing. Unfortunately it is mostly OK:
- The insecure support for save-game-compression is disabled for Debian.
- The use of environmental variables is safe.
- The use of low-memory detection is disabled on non-MSDOS systems.
- The console-based input doesn't succumb to badness if you resize your terminal to allow >80 character input.
The only thing that I can do is persuade the game to die with a SIGSEGV if I manually edit a save-game file, then load it. I'm sure with care and patience it could be coerced into running shellcode.
In theory this is a security hole. In practice it is hard to take seriously!
On the other hand I'm not convinced the game should be setgid(games).