The cosmo game, which is installed setgid games, can be caused to segfault through the -display and -bg parameters. Additionally, during some tests it tried to free() memory that was already given back to the system.

How-To-Repeat:
cosmo -display <A x 10000>
cosmo -bg <A x 10000>

On Tue, Apr 23, 2002 at 02:52:10PM -0700, Niels Heinen wrote:
>
> >Number: 37400
> >Category: ports
> >Synopsis: The cosmo game contains unchecked buffers
> >Confidential: no
> >Severity: serious
> >Priority: medium
> >Responsible: freebsd-ports
> >State: open
> >Quarter:
> >Keywords:
> >Date-Required:
> >Class: sw-bug
> >Submitter-Id: current-users
> >Arrival-Date: Tue Apr 23 15:00:03 PDT 2002
> >Closed-Date:
> >Last-Modified:
> >Originator: Niels Heinen
> >Release: 4.5
> >Organization:
> >Environment:
> FreeBSD lappie 4.5-STABLE FreeBSD 4.5-STABLE #0: Thu Apr 18 02:05:19 CEST 2002 root@lappie:/usr/obj/usr/src/sys/GENERIC i386
>
> >Description:
>
>
> The cosmo game, which is installed setgid games, can be caused
> to segfault through the -display and -bg parameters. Additionally,
> during some tests it tried to free() memory that was already given back
> to the system.

FYI, this isn't a serious security problem precisely because it's setgid games, and not setuid anything (the games group has no privileges except to write to score/save files). You might already be aware of this. Thanks for the patch though.

Kris

Responsible Changed
From-To: freebsd-ports->nakai

over to maintainer

State Changed
From-To: open->closed

Fix committed, thanks!