InfoSect, Canberra's hackerspace, regularly runs public group sessions to perform code review and vulnerability discovery. Over the next 30 days, I'll highlight the source code of 30 unknown vulnerabilities.
Bug #28
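The canfield game in bsdgames doesn't check whether dropping privileges failed: the return value of setregid() is ignored, so the game carries on with its setgid privileges if the call fails. See http://blog.infosectcbr.com.au/2018/02/infosects-month-of-pointless-bugs-3.html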
bsdgames/canfield/canfield/canfield.c
    if (uid < 0)
        uid = 0;
    dbfd = open(_PATH_SCORE, O_RDWR);
    /* Revoke setgid privileges */
    setregid(getgid(), getgid());
    if (dbfd < 0)
        return;
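
For comparison, a checked version of the same open-then-drop sequence. This is an added example, not code from bsdgames or from the original post; the function names drop_setgid_privs and open_score_and_drop and the score path used in main are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up setgid privileges. Returns 0 on success, -1 on failure. */
int drop_setgid_privs(void)
{
    gid_t rgid = getgid();
    gid_t old_egid = getegid();

    if (setregid(rgid, rgid) != 0)   /* the call canfield leaves unchecked */
        return -1;
    if (getgid() != rgid || getegid() != rgid)
        return -1;                   /* call "succeeded" but ids did not change */
    /* The old effective gid must not be recoverable (root can always switch). */
    if (old_egid != rgid && geteuid() != 0 && setegid(old_egid) == 0)
        return -1;
    return 0;
}

/*
 * Hypothetical helper: open the score file while still setgid, then drop.
 * *dbfd receives the descriptor, or -1 if the file could not be opened.
 * Returns -1 (with *dbfd closed) if privileges could not be dropped.
 */
int open_score_and_drop(const char *path, int *dbfd)
{
    *dbfd = open(path, O_RDWR);
    if (drop_setgid_privs() != 0) {
        if (*dbfd >= 0)
            close(*dbfd);
        *dbfd = -1;
        return -1;
    }
    return 0;
}

int main(void)
{
    int dbfd;

    /* Constructed path for the demo; canfield itself uses _PATH_SCORE. */
    if (open_score_and_drop("/nonexistent/canfield.scores", &dbfd) != 0) {
        fprintf(stderr, "cannot drop setgid privileges, refusing to run\n");
        return 1;
    }
    printf("privileges dropped, dbfd=%d egid=%d\n", dbfd, (int)getegid());
    return 0;
}
```

The caller fails closed: if the drop cannot be confirmed, the score descriptor is closed and the program exits instead of continuing with the group's privileges.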