InfoSect's Month of Pointless Bugs (#18)
InfoSect, Canberra's hackerspace, regularly runs public group sessions to perform code review and vulnerability discovery. Over the next 30 days, I'll highlight the source code of 30 unknown vulnerabilities.
Bug #18
bsdgames/tetris doesn't check dropping privs - see http://blog.infosectcbr.com.au/2018/02/infosects-month-of-pointless-bugs-3.html
Bug #18
bsdgames/tetris doesn't check dropping privs - see http://blog.infosectcbr.com.au/2018/02/infosects-month-of-pointless-bugs-3.html