Years ago I reported a security bug (CVE-2004-0103) in the nethack-like game "crawl". In that case it involved copying the contents of an environmental variable into a fixed-size buffer.
I've just checked my bug report, where I wrote:
Demonstrating this bug is quite challenging as it involves:
* Finding pizza.
* Eating the pizza and having a two in three chance of your message (getenv( "CRAWL_PIZZA")) being used.
Fun memories; I should audit some more code soon.
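The bug class described above, as an added example that is not part of the original post and not crawl's actual code: the unbounded copy of an environment value next to a bounded one that reports truncation. The buffer size, function names and fallback message are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MSG_LEN 80  /* assumed buffer size, not taken from crawl */

/* Vulnerable pattern: the value's length is chosen by whoever sets the
 * environment, the destination size is fixed at compile time. */
void pizza_message_unsafe(char out[MSG_LEN])
{
    const char *env = getenv("CRAWL_PIZZA");
    if (env != NULL)
        strcpy(out, env);   /* overflows when strlen(env) >= MSG_LEN */
    else
        strcpy(out, "Mmm... pizza.");
}

/* Bounded copy that always NUL-terminates.
 * Returns 0 if the value fit, 1 if it was truncated, -1 on bad arguments. */
int bounded_copy(char *out, size_t outlen, const char *value)
{
    int n;
    if (out == NULL || outlen == 0 || value == NULL)
        return -1;
    n = snprintf(out, outlen, "%s", value);
    if (n < 0)
        return -1;
    return (size_t)n >= outlen;
}

/* Hardened form: same lookup, but unset or empty values fall back to a
 * default and the copy is bounded by the caller's buffer size. */
int pizza_message_safe(char *out, size_t outlen)
{
    const char *env = getenv("CRAWL_PIZZA");
    if (env == NULL || *env == '\0')
        env = "Mmm... pizza.";  /* constructed fallback text */
    return bounded_copy(out, outlen, env);
}

int main(void)
{
    char msg[MSG_LEN];
    int truncated = pizza_message_safe(msg, sizeof msg);
    printf("%s%s\n", msg, truncated == 1 ? " [truncated]" : "");
    return 0;
}
```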