Package: gpe-tetris Version: 0.6.4-2 Severity: grave Tags: security Justification: user security hole User: [email protected] Usertags: piuparts
Hi, during a test with piuparts I found that gpe-tetris creates a world writable directory and a world writable file in there: ERROR: BAD PERMISSIONS drwxrwxrwx 2 root root 60 Aug 7 10:18 /var/games/gpe -rw-rw-rw- 1 root games 0 Aug 7 10:18 /var/games/gpe/gpe-tetris.dat This allows any local user to modify and replace files in there ... Shouldn't root:games 0664 for gpe-tetris.dat and root:root 0755 or root:games 0775 for gpe/ be sufficient? cheers, Andreas -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

