Comment by stevekemp
3 days ago
My immediate question is around security. If the nethack binary is setuid(root), setgid(games), or similar, are privileges dropped before the exec("mail-command") happens?
We've seen a lot of trivial local escalations like that in the past.
That's an excellent question; I thought the exact same thing when I wrote this article. From what I can tell, [child](https://github.com/NetHack/NetHack/blob/ed600d9f0f3c37677418...) properly spawns a child process with the real uid/gid instead of the effective uid/gid. And to your point, there are actually a decent number of [CVEs](https://www.nethack.org/security/) due to NetHack being set[ug]id.
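
The pattern discussed in the exchange above (run the helper with the real uid/gid, not the effective one), as an added example that is not part of either comment and is not NetHack's code. The function names, the cleaned environment and the exit codes 126/127 are assumptions chosen for illustration.

```c
/* Added example (not NetHack's code): run a helper as the invoking user. */
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently give up set[ug]id privileges. Group first: once the uid is
 * dropped, a setuid-root process can no longer change its gid.
 * Returns 0 on success, -1 if the drop failed or can be undone. */
static int drop_privileges(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();
    /* setre[ug]id(r, r) also resets the saved set-id, so it is permanent. */
    if (setregid(rgid, rgid) != 0 || setreuid(ruid, ruid) != 0)
        return -1;
    /* Try to take the old ids back (real root always can, so skip it). */
    if (ruid != 0 && old_egid != rgid && setegid(old_egid) == 0)
        return -1;
    if (ruid != 0 && old_euid != ruid && seteuid(old_euid) == 0)
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

/* Fork, drop privileges in the child only, then exec argv[0] by absolute
 * path (no PATH search, no shell). Returns the exit status, or -1. */
static int run_as_real_user(char *const argv[])
{
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges() != 0)
            _exit(126);              /* refuse to exec while privileged */
        execve(argv[0], argv, clean_env);
        _exit(127);                  /* exec failed */
    }
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char *const cmd[] = { "/bin/echo", "hello from the child", NULL };
    return run_as_real_user(cmd);
}
```

The parent keeps its privileges for its own files; only the forked child gives them up, and it exits instead of exec'ing if the drop cannot be confirmed.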