Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Quake 2 security risk

Quake 2 is vulnerable to an attack posted on rootshell.com
Zoid says in his .plan:

rootshell.com has posted an exploit for Quake2 under Linux. This exploit was talked about on the buqtraq list a day or two ago.

I've known about this one due to loading shared libs. I forgot to specifically mention in the readme that Quake2 should not be setuid. If you want to use the ref_soft and ref_gl renderers, you should run Quake2 as root. Don't make the binary setuid. You can only run both those renderers at the console only, so being root isn't that much of an issue. The X11 render doesn't need any root permissions (if /dev/dsp is writable by others for sound).

The dedicated server mode (+set dedicated 1) doesn't need to be root either.

I will look at solutions to this problem in the next release. Problems such as root requirements for games has been sort of a sore spot in Linux for a number of years now. This is one of the goals that GGI is targetting to fix. I plan on supporting a ref_ggi in the near future.

This discussion has been archived. No new comments can be posted.

Quake 2 security risk

Comments Filter:

It is difficult to soar with the eagles when you work with turkeys.