Package: gpe-tetris
Version: 0.6.4-2
Severity: grave
Tags: security
Justification: user security hole
User: [email protected]
Usertags: piuparts

Hi,

during a test with piuparts I found that gpe-tetris creates a world
writable directory and a world writable file in there:

  ERROR: BAD PERMISSIONS
  drwxrwxrwx 2 root root  60 Aug  7 10:18 /var/games/gpe
  -rw-rw-rw- 1 root games  0 Aug  7 10:18 /var/games/gpe/gpe-tetris.dat

This allows any local user to modify and replace files in there ...

Shouldn't root:games 0664 for gpe-tetris.dat and
root:root 0755 or root:games 0775 for gpe/ be sufficient?


cheers,

Andreas


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to