#126: crash dump feature is vulnerable to symlink attack
----------------------------------------+-----------------------------------
Reporter: [EMAIL PROTECTED] | Type: defect
Status: new | Priority: major
Milestone: 2.1 | Component: other
Version: | Keywords:
Operating_system: All |
----------------------------------------+-----------------------------------
The crash dump feature of warzone2100 is vulnerable to a symlink attack.
This is because /tmp is generally a writable directory and an attacker
could create a symlink /tmp/warzone2100.gdmp ->
/home/gamer/important/data/file. If warzone2100 ever crashes, then the
important data the gamer has will be destroyed and overwritten with a
warzone2100 crash dump (obviously they should be making backups, but most
people do not). My suggestion for fixing this would be to save crash dumps
in ~/.warzone2100/ instead of a world-writable directory. If 2.0 is
vulnerable to this, you might want to get a CVE assigned and make an
announcement.
--
Ticket URL: <http://developer.wz2100.net/ticket/126>
Warzone 2100 Trac <http://wz2100.net/>
The Warzone 2100 Resurrection Project
_______________________________________________
Warzone-dev mailing list
[email protected]
https://mail.gna.org/listinfo/warzone-dev
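
The fix suggested in the ticket (a per-user directory instead of /tmp) can be combined with exclusive, no-follow file creation so that a pre-planted symlink is never followed. The C code below is an added example, not warzone2100 code; the helper name open_dump_file and its parameters are hypothetical.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* for openat, O_NOFOLLOW, O_DIRECTORY, O_CLOEXEC */
#endif
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not from the project). Creates a new file `name`
 * inside the private directory `dir` and returns a write-only fd,
 * or -1 with errno set. It never opens or truncates an existing entry. */
int open_dump_file(const char *dir, const char *name)
{
    struct stat st;
    int dfd, fd, saved;

    /* Create the directory if missing; an existing one is vetted below. */
    if (mkdir(dir, 0700) != 0 && errno != EEXIST)
        return -1;

    /* O_NOFOLLOW: fail if `dir` itself has been replaced by a symlink. */
    dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0)
        return -1;

    /* The directory must be ours and not writable by group or others,
     * otherwise another local user could plant entries in it. */
    if (fstat(dfd, &st) != 0 || st.st_uid != geteuid() ||
        (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(dfd);
        errno = EPERM;
        return -1;
    }

    /* O_CREAT|O_EXCL fails with EEXIST if `name` already exists, including
     * when it is a symlink (dangling or not), so the link target is never
     * written to. The file is created relative to the vetted directory fd. */
    fd = openat(dfd, name,
                O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    saved = errno;
    close(dfd);
    errno = saved;
    return fd;
}
```

An EEXIST result means something already occupies the chosen name; the dump should then go to a different name rather than the existing entry being opened.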