[Secure-testing-team] Bug#560087: Saved files have group 'games'
Bill Allombert
ballombe at debian.org
Tue Dec 8 20:17:14 UTC 2009
Package: xpat2
Version: 1.07-16
Severity: normal
Tags: security
Hello Arne,
If you save a game (by clicking on 'save') it get the games unix group
instead of the user group:
LANG=C ls -l Spider.260301049
-rw-r--r-- 1 bill games 160 Dec 8 20:37 Spider.260301049
This is a mild security issue if your umask is 002, since this allow
someone subverting the games group to change this file.
This bug seems to be very old since I have old saved games from 2003
in the 'games' group.
Cheers,
--
Bill. <ballombe at debian.org>
Imagine a large red swirl here.
More information about the Secure-testing-team
mailing list