Bug 70768 - World writable /usr/games/Maelstrom/Maelstrom-Scores
Summary: World writable /usr/games/Maelstrom/Maelstrom-Scores
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Public Beta
Classification: Retired
Component: Maelstrom (Show other bugs)
(Show other bugs)
Version: null
Hardware: All Linux
high
medium
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact:
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks: 67217
TreeView+ depends on / blocked
 
Reported: 2002-08-05 00:55 UTC by Dax Kelson
Modified: 2014-03-17 02:29 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-08-21 06:14:17 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Dax Kelson 2002-08-05 00:55:50 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.5 (X11; Linux i686; U;) Gecko/20020712

Description of problem:
The file /usr/games/Maelstrom/Maelstrom-Scores has evil 666 permissions. This is
bad because it can be used to bypass quota restrictions, and even worse since
this file is loaded processed by the game, depending on how securely it is
processed, someone might be able to exploit any user who runs the game.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
n/a

Actual Results:  n/a

Expected Results:  n/a

Additional info:

n/a

Comment 1 Dax Kelson 2002-08-21 06:14:12 UTC
Still in Null.

Comment 2 Preston Brown 2002-08-23 02:34:43 UTC
corrected in 3.0.5-4 and later.


Note You need to log in before you can comment on or make changes to this bug.