Subject: Jun report ..

  I do sometimes still audit code!

Pinball 0.3.0
-------------

  Pinball allows level designers to specify external plugins to handle
 scoring and other behaviour.   These modules can be loaded from arbitrary
 paths and are opened without dropping privileges.

  The game is setgid(games) allowing a rogue shared library to gain GID(games).

  This problem affects Sid, Sarge and Etch, (Woody does not contain the
 package).


Level Weakness
--------------

  In pinball you must load a game prior to playing.  By default the
 levels are located beneath the directory /usr/share/games/pinball as
 subdirectories.

  However you can specify an alternate path using:

        pinball -data /tmp/my-levels


Level Design
------------

  Each subdirectory describing a level contains some resources, such as
 PNG files and WAV files.  To describe these resources a file called
 'pinball.pbl' is loaded.

  pinball.pbl contains text descriptions of the actual levels.  A sample
 entry looks something like this:

  arm_behavior {
    left
    sound flip.wav
  }
  properties {
    collision
    group_1
  }

  We can also specify a shared library to be loaded with the following
 section:

object module {
  module {
      /../../../tmp/skx/skx.so
  }
}

 Loading this level will dlopen() and dlload() our shared library:


No current table name! (the first time is normal...)
Loader::loadFile caught exception ************
Could not find symbol new_object_fct in 
library/usr/lib/pinball//../../../tmp/skx/skx.so: undefined symbol: 
new_object_fct
When loading file: /tmp/skx/tux/pinball.pbl
At line: 15602
Loader::loadFile *****************************


The Fix
-------

  Fixing this is hard:

  1.  We cannot drop privileges irrevocably prior to loading the module
     since we need them for writing the highscore.

  2.  We cannot disable module loading since without that the two standard
     levels become unplayable.

  3.  Filtering out "../" will not work since the user can specify an
     alternative data directory via -data.

  4.  Removing support for "-data" will break per-user levels which might
     be the best solution:  To play new levels they would need to be
     installed system-wide, at which point we can restrict modules to the
     level directory.

  I went with 4+3, which was a hard decision to make, but probably for the
 best.

Steve
-- 
# The Debian Security Audit Project.
http://www.debian.org/security/audit
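As an added illustration of what option 4+3 amounts to in code (this is example code, not part of the original report or of the pinball sources; the function name, result codes and the level-directory argument are assumptions), the check below takes the module string from an "object module" block, rejects any ".." component, and then confirms with realpath() that the canonical file still lies below the level directory before it would be handed to dlopen():

```c
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Result codes for module_path_allowed() (hypothetical names). */
enum { MOD_OK = 0, MOD_DOTDOT = -1, MOD_UNRESOLVED = -2, MOD_OUTSIDE = -3 };

/* Return non-zero if any "/"-separated component of p is "..". */
static int has_dotdot(const char *p)
{
    const char *s = p;
    for (;;) {
        const char *e = strchr(s, '/');
        size_t n = e ? (size_t)(e - s) : strlen(s);
        if (n == 2 && s[0] == '.' && s[1] == '.')
            return 1;
        if (!e)
            return 0;
        s = e + 1;
    }
}

/*
 * Decide whether a module path from a pinball.pbl "object module" block may
 * be passed to dlopen().  level_dir is the directory the level was loaded
 * from; module is the string as written in the file (relative or absolute).
 * The lexical ".." test gives a clear early error; the realpath() prefix
 * test additionally catches symlinks that point outside the level directory.
 * On success *resolved receives the canonical path to hand to dlopen().
 */
int module_path_allowed(const char *level_dir, const char *module,
                        char resolved[PATH_MAX])
{
    char candidate[PATH_MAX], base[PATH_MAX];
    size_t blen;

    if (has_dotdot(module))
        return MOD_DOTDOT;
    if (module[0] == '/')
        snprintf(candidate, sizeof candidate, "%s", module);
    else
        snprintf(candidate, sizeof candidate, "%s/%s", level_dir, module);
    /* realpath() fails for files that do not exist: nothing to load then. */
    if (!realpath(level_dir, base) || !realpath(candidate, resolved))
        return MOD_UNRESOLVED;
    blen = strlen(base);
    /* Must be strictly below base, i.e. "<base>/..." (base is a directory). */
    if (strncmp(resolved, base, blen) != 0 || resolved[blen] != '/')
        return MOD_OUTSIDE;
    return MOD_OK;
}
```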