InfoSect, Canberra's hackerspace, regularly runs public group sessions to perform code review and vulnerability discovery. Over the next 30 days, I'll highlight the source code of 30 unknown vulnerabilities.
Bug #12
In the slashem game, the code doesn't check the return value of setuid/setgid. Similar to http://blog.infosectcbr.com.au/2018/02/infosects-month-of-pointless-bugs-3.html
sys/unix/unixmain.c
# ifdef SECURE (void) setgid(getgid()); (void) setuid(getuid()); /* Ron Wessels */ # endif
