Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Quake 2 security risk

Quake 2 is vulnerable to an attack posted on rootshell.com
Zoid says in his .plan:

rootshell.com has posted an exploit for Quake2 under Linux. This exploit was talked about on the buqtraq list a day or two ago.

I've known about this one due to loading shared libs. I forgot to specifically mention in the readme that Quake2 should not be setuid. If you want to use the ref_soft and ref_gl renderers, you should run Quake2 as root. Don't make the binary setuid. You can only run both those renderers at the console only, so being root isn't that much of an issue. The X11 render doesn't need any root permissions (if /dev/dsp is writable by others for sound).

The dedicated server mode (+set dedicated 1) doesn't need to be root either.

I will look at solutions to this problem in the next release. Problems such as root requirements for games has been sort of a sore spot in Linux for a number of years now. This is one of the goals that GGI is targetting to fix. I plan on supporting a ref_ggi in the near future.

This discussion has been archived. No new comments can be posted.

Quake 2 security risk

Comments Filter:

Real Programmers think better when playing Adventure or Rogue.

Working...