Comment by shorden
2 days ago
That's an excellent question, I thought the exact same thing when I wrote this article. From what I can tell [child](https://github.com/NetHack/NetHack/blob/ed600d9f0f3c37677418...) properly spawns a child process with the real uid/gid instead of the effective uid/gid. And to your point, there are actually a decent number of [CVEs](https://www.nethack.org/security/) due to NetHack being set[ug]id.
No comments yet
Contribute on Hacker News ↗