Bug 70768 - World writable /usr/games/Maelstrom/Maelstrom-Scores
Summary: World writable /usr/games/Maelstrom/Maelstrom-Scores
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Public Beta
Classification: Retired
Component: Maelstrom
Version: null
Hardware: All
OS: Linux
high
medium
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 67217
TreeView+ depends on / blocked
 
Reported: 2002-08-05 00:55 UTC by Dax Kelson
Modified: 2014-03-17 02:29 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2002-08-21 06:14:17 UTC
Embargoed:

Attachments (Terms of Use)

Description Dax Kelson 2002-08-05 00:55:50 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.5 (X11; Linux i686; U;) Gecko/20020712

Description of problem:
The file /usr/games/Maelstrom/Maelstrom-Scores has evil 666 permissions. This is
bad because it can be used to bypass quota restrictions, and even worse since
this file is loaded processed by the game, depending on how securely it is
processed, someone might be able to exploit any user who runs the game.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
n/a

Actual Results:  n/a

Expected Results:  n/a

Additional info:

n/a
Comment 1 Dax Kelson 2002-08-21 06:14:12 UTC 
Still in Null.
Comment 2 Preston Brown 2002-08-23 02:34:43 UTC 
corrected in 3.0.5-4 and later.
Note You need to log in before you can comment on or make changes to this bug.