#126: crash dump feature is vulnerable to symlink attack
----------------------------------------+-----------------------------------
        Reporter:  [EMAIL PROTECTED]    |        Type:  defect
          Status:  new                  |    Priority:  major
       Milestone:  2.1                  |   Component:  other
         Version:                       |    Keywords:
Operating_system:  All                  |
----------------------------------------+-----------------------------------
The crash dump feature of warzone2100 is vulnerable to a symlink attack. This is because /tmp is generally a writable directory and an attacker could create a symlink /tmp/warzone2100.gdmp -> /home/gamer/important/data/file. If warzone2100 ever crashes, then the important data the gamer has will be destroyed and overwritten with a warzone2100 crash dump (obviously they should be making backups, but most people do not).

My suggestion for fixing this would be to save crash dumps in ~/.warzone2100/ instead of a world-writable directory.

If 2.0 is vulnerable to this, you might want to get a CVE assigned and make an announcement.
--
Ticket URL: <http://developer.wz2100.net/ticket/126>
Warzone 2100 Trac <http://wz2100.net/>
The Warzone 2100 Resurrection Project
_______________________________________________
Warzone-dev mailing list
Warzone-dev@gna.org
https://mail.gna.org/listinfo/warzone-dev
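
The fix suggested in the ticket, sketched in C as an added example; this is not code from the ticket or from the Warzone 2100 source. The helper name `open_crash_dump` is hypothetical, and the example assumes a POSIX.1-2008 system that provides `openat` and `O_NOFOLLOW`.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create a new crash-dump file inside `dir` (for
 * example the user's ~/.warzone2100) without following a symlink.
 * Returns a writable fd, or -1 with errno set. */
int open_crash_dump(const char *dir, const char *name)
{
    struct stat st;
    int dfd, fd, saved;

    /* Create the directory private to the user if it is missing. */
    if (mkdir(dir, 0700) != 0 && errno != EEXIST)
        return -1;
    /* O_NOFOLLOW: refuse if the directory itself is a symlink. */
    dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (dfd < 0)
        return -1;
    /* Refuse a directory owned by someone else or writable by others:
     * that is the property that makes /tmp unsafe for a fixed name. */
    if (fstat(dfd, &st) != 0 || st.st_uid != geteuid() ||
        (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(dfd);
        errno = EPERM;
        return -1;
    }
    /* O_CREAT|O_EXCL fails with EEXIST if anything already has this
     * name, symlinks included, so no existing file is truncated. */
    fd = openat(dfd, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    saved = errno;
    close(dfd);
    errno = saved;
    return fd;
}

int main(void)
{
    char dir[4096];
    const char *home = getenv("HOME");
    if (!home)
        return 1;
    snprintf(dir, sizeof dir, "%s/.warzone2100", home);
    int fd = open_crash_dump(dir, "warzone2100.gdmp");
    if (fd < 0) { perror("crash dump"); return 1; }
    close(fd);
    return 0;
}
```

Because `O_EXCL` refuses an existing name, a caller that wants to keep several dumps needs a unique file name per crash, such as one that includes the PID or a timestamp.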