Fix insecure /tmp usage in sail.

Essentially concludes the merge into NetBSD of those changes in the
Linux port of the NetBSD games which it is fairly clear to me should
be so merged.

diff --git a/sail/Makefile b/sail/Makefile
index 1ba8f19322088ccff22e68b3b9e6675429dee36b..d32d21a60becaa6efa76e3f11e2b79663adf700d 100644 (file)
--- a/sail/Makefile
+++ b/sail/Makefile
@@ -1,4 +1,4 @@
-#      $NetBSD: Makefile,v 1.10 1998/02/18 22:37:32 jtc Exp $
+#      $NetBSD: Makefile,v 1.11 2000/02/09 22:27:55 jsm Exp $
 #      @(#)Makefile    8.1 (Berkeley) 5/31/93
 
 PROG=  sail
@@ -11,4 +11,11 @@ LDADD=       -lcurses
 HIDEGAME=hidegame
 SETGIDGAME=yes
 
+afterinstall:
+.if !defined(UNPRIVILEGED)
+       mkdir ${DESTDIR}/var/games/sail
+       chown root.games ${DESTDIR}/var/games/sail
+       chmod 2770 ${DESTDIR}/var/games/sail
+.endif
+
 .include <bsd.prog.mk>

diff --git a/sail/dr_main.c b/sail/dr_main.c
index 1d2a36d95ffdee8cdd12dc5e1a150388b7a3b4b7..38bb33ec7c7b7e5e220d7419516f5f5a9eb2688d 100644 (file)
--- a/sail/dr_main.c
+++ b/sail/dr_main.c
@@ -1,4 +1,4 @@
-/*     $NetBSD: dr_main.c,v 1.5 1997/10/13 19:43:54 christos Exp $     */
+/*     $NetBSD: dr_main.c,v 1.6 2000/02/09 22:27:55 jsm Exp $  */
 
 /*
  * Copyright (c) 1983, 1993
@@ -38,7 +38,7 @@
 #if 0
 static char sccsid[] = "@(#)dr_main.c  8.2 (Berkeley) 4/16/94";
 #else
-__RCSID("$NetBSD: dr_main.c,v 1.5 1997/10/13 19:43:54 christos Exp $");
+__RCSID("$NetBSD: dr_main.c,v 1.6 2000/02/09 22:27:55 jsm Exp $");
 #endif
 #endif /* not lint */
 
@@ -57,8 +57,6 @@ dr_main()
        (void) signal(SIGINT, SIG_IGN);
        (void) signal(SIGQUIT, SIG_IGN);
        (void) signal(SIGTSTP, SIG_IGN);
-       if (issetuid)
-               (void) setuid(geteuid());
        if (game < 0 || game >= NSCENE) {
                fprintf(stderr, "DRIVER: Bad game number %d\n", game);
                exit(1);

diff --git a/sail/extern.h b/sail/extern.h
index 0dc7b61b14cee3dc6991b2cc103e06b0e3958913..acb36a798e42e728cc4bf37dc9912ee2e2982a8f 100644 (file)
--- a/sail/extern.h
+++ b/sail/extern.h
@@ -1,4 +1,4 @@
-/*     $NetBSD: extern.h,v 1.13 1999/12/28 18:05:24 jsm Exp $ */
+/*     $NetBSD: extern.h,v 1.14 2000/02/09 22:27:55 jsm Exp $ */
 
 /*
  * Copyright (c) 1983, 1993
@@ -40,6 +40,7 @@
 #include <string.h>
 #include <ctype.h>
 #include <setjmp.h>
+#include <sys/types.h>
 #include "machdep.h"
 
        /* program mode */
@@ -56,7 +57,8 @@ extern char longfmt;                  /* -l, print score in long format */
 extern char nobells;                   /* -b, don't ring bell before Signal */
 
        /* other initial modes */
-extern char issetuid;                  /* running setuid */
+extern gid_t gid;
+extern gid_t egid;
 
 #define die()          ((rand() >> 3) % 6 + 1)
 #define sqr(a)         ((a) * (a))

diff --git a/sail/globals.c b/sail/globals.c
index 5dd061d8c3d33e43faf78debeb191b12663fa634..45ce707828e4768dd24b96246d5011a65ea56f50 100644 (file)
--- a/sail/globals.c
+++ b/sail/globals.c
@@ -1,4 +1,4 @@
-/*     $NetBSD: globals.c,v 1.8 1999/12/28 18:05:24 jsm Exp $  */
+/*     $NetBSD: globals.c,v 1.9 2000/02/09 22:27:56 jsm Exp $  */
 
 /*
  * Copyright (c) 1983, 1993
@@ -38,7 +38,7 @@
 #if 0
 static char sccsid[] = "@(#)globals.c  8.2 (Berkeley) 4/28/95";
 #else
-__RCSID("$NetBSD: globals.c,v 1.8 1999/12/28 18:05:24 jsm Exp $");
+__RCSID("$NetBSD: globals.c,v 1.9 2000/02/09 22:27:56 jsm Exp $");
 #endif
 #endif /* not lint */
 
@@ -553,7 +553,8 @@ char randomize;                             /* -x, give first available ship */
 char longfmt;                          /* -l, print score in long format */
 char nobells;                          /* -b, don't ring bell before Signal */
 
-char issetuid;
+gid_t gid;
+gid_t egid;
 
 struct scenario *cc;           /* the current scenario */
 struct ship *ls;               /* &cc->ship[cc->vessels] */

diff --git a/sail/main.c b/sail/main.c
index d4a9c6b190052c4540a540f1365ebc84a4a98162..1808be6ccdc0b549348ee58e069979e089df5699 100644 (file)
--- a/sail/main.c
+++ b/sail/main.c
@@ -1,4 +1,4 @@
-/*     $NetBSD: main.c,v 1.6 1997/10/13 21:03:55 christos Exp $        */
+/*     $NetBSD: main.c,v 1.7 2000/02/09 22:27:56 jsm Exp $     */
 
 /*
  * Copyright (c) 1983, 1993
@@ -43,11 +43,12 @@ __COPYRIGHT("@(#) Copyright (c) 1983, 1993\n\
 #if 0
 static char sccsid[] = "@(#)main.c     8.2 (Berkeley) 4/28/95";
 #else
-__RCSID("$NetBSD: main.c,v 1.6 1997/10/13 21:03:55 christos Exp $");
+__RCSID("$NetBSD: main.c,v 1.7 2000/02/09 22:27:56 jsm Exp $");
 #endif
 #endif /* not lint */
 
 #include "extern.h"
+#include <fcntl.h>
 #include <unistd.h>
 #include <stdlib.h>
 #include <string.h>
@@ -62,9 +63,18 @@ main(argc, argv)
 {
        char *p;
        int i;
+       int fd;
+
+       gid = getgid();
+       egid = getegid();
+       setegid(gid);
+
+       fd = open("/dev/null", O_RDONLY);
+       if (fd < 3)
+               exit(1);
+       close(fd);
 
        (void) srand(getpid());
-       issetuid = getuid() != geteuid();
        if ((p = strrchr(*argv, '/')) != NULL)
                p++;
        else

diff --git a/sail/misc.c b/sail/misc.c
index c78e952fd545a10134095b9f04c36166575ce0cc..3247cff75e915030eb9f54c651f3ee9919f69fb7 100644 (file)
--- a/sail/misc.c
+++ b/sail/misc.c
@@ -1,4 +1,4 @@
-/*     $NetBSD: misc.c,v 1.5 1997/10/13 19:44:38 christos Exp $        */
+/*     $NetBSD: misc.c,v 1.6 2000/02/09 22:27:56 jsm Exp $     */
 
 /*
  * Copyright (c) 1983, 1993
@@ -38,7 +38,7 @@
 #if 0
 static char sccsid[] = "@(#)misc.c     8.2 (Berkeley) 4/28/95";
 #else
-__RCSID("$NetBSD: misc.c,v 1.5 1997/10/13 19:44:38 christos Exp $");
+__RCSID("$NetBSD: misc.c,v 1.6 2000/02/09 22:27:56 jsm Exp $");
 #endif
 #endif /* not lint */
 
@@ -208,8 +208,12 @@ struct ship *s;
        float net;
        struct logs *lp;
 
-       if ((fp = fopen(_PATH_LOGFILE, "r+")) == NULL)
+       setegid(egid);
+       if ((fp = fopen(_PATH_LOGFILE, "r+")) == NULL) {
+               setegid(gid);
                return;
+       }
+       setegid(gid);
 #ifdef LOCK_EX
        if (flock(fileno(fp), LOCK_EX) < 0)
                return;

diff --git a/sail/pathnames.h b/sail/pathnames.h
index ab17358f80c8d8b361a113f666cc913b7554fb3e..bf0930407866efc5c59e31071272745d77de1e45 100644 (file)
--- a/sail/pathnames.h
+++ b/sail/pathnames.h
@@ -1,4 +1,4 @@
-/*     $NetBSD: pathnames.h,v 1.3 1995/04/22 10:37:06 cgd Exp $        */
+/*     $NetBSD: pathnames.h,v 1.4 2000/02/09 22:27:56 jsm Exp $        */
 
 /*-
  * Copyright (c) 1990, 1993
@@ -36,3 +36,5 @@
  */
 
 #define        _PATH_LOGFILE   "/var/games/saillog"
+#define        _PATH_SYNC      "/var/games/sail/#sailsink.%d"
+#define        _PATH_LOCK      "/var/games/sail/#saillock.%d"

diff --git a/sail/sync.c b/sail/sync.c
index 9b5b504936f7fd52b4a9ca0cbc02b6e224797114..b6e93e1df2bd88815d5b06ec0cc7f7ad1e02e89e 100644 (file)
--- a/sail/sync.c
+++ b/sail/sync.c
@@ -1,4 +1,4 @@
-/*     $NetBSD: sync.c,v 1.13 1999/09/09 17:30:20 jsm Exp $    */
+/*     $NetBSD: sync.c,v 1.14 2000/02/09 22:27:56 jsm Exp $    */
 
 /*
  * Copyright (c) 1983, 1993
@@ -38,7 +38,7 @@
 #if 0
 static char sccsid[] = "@(#)sync.c     8.2 (Berkeley) 4/28/95";
 #else
-__RCSID("$NetBSD: sync.c,v 1.13 1999/09/09 17:30:20 jsm Exp $");
+__RCSID("$NetBSD: sync.c,v 1.14 2000/02/09 22:27:56 jsm Exp $");
 #endif
 #endif /* not lint */
 
@@ -55,17 +55,18 @@ __RCSID("$NetBSD: sync.c,v 1.13 1999/09/09 17:30:20 jsm Exp $");
 #include <sys/stat.h>
 #include <time.h>
 #include "extern.h"
+#include "pathnames.h"
 
 #define BUFSIZE 4096
 
+static const char SF[] = _PATH_SYNC;
+static const char LF[] = _PATH_LOCK;
 static char sync_buf[BUFSIZE];
 static char *sync_bp = sync_buf;
-static char sync_lock[25];
-static char sync_file[25];
+static char sync_lock[sizeof SF];
+static char sync_file[sizeof LF];
 static long sync_seek;
 static FILE *sync_fp;
-#define SF "/tmp/#sailsink.%d"
-#define LF "/tmp/#saillock.%d"
 
 void
 fmtship(buf, len, fmt, ship)
@@ -160,30 +161,39 @@ sync_exists(game)
 
        (void) sprintf(buf, SF, game);
        (void) time(&t);
-       if (stat(buf, &s) < 0)
+       setegid(egid);
+       if (stat(buf, &s) < 0) {
+               setegid(gid);
                return 0;
+       }
        if (s.st_mtime < t - 60*60*2) {         /* 2 hours */
                (void) unlink(buf);
                (void) sprintf(buf, LF, game);
                (void) unlink(buf);
+               setegid(gid);
                return 0;
-       } else
+       } else {
+               setegid(gid);
                return 1;
+       }
 }
 
 int
 sync_open()
 {
+       struct stat tmp;
        if (sync_fp != NULL)
                (void) fclose(sync_fp);
        (void) sprintf(sync_lock, LF, game);
        (void) sprintf(sync_file, SF, game);
-       if (access(sync_file, 0) < 0) {
-               int omask = umask(issetuid ? 077 : 011);
+       setegid(egid);
+       if (stat(sync_file, &tmp) < 0) {
+               mode_t omask = umask(002);
                sync_fp = fopen(sync_file, "w+");
                (void) umask(omask);
        } else
                sync_fp = fopen(sync_file, "r+");
+       setegid(gid);
        if (sync_fp == NULL)
                return -1;
        sync_seek = 0;
@@ -196,8 +206,11 @@ sync_close(remove)
 {
        if (sync_fp != 0)
                (void) fclose(sync_fp);
-       if (remove)
+       if (remove) {
+               setegid(egid);
                (void) unlink(sync_file);
+               setegid(gid);
+       }
 }
 
 void
@@ -254,8 +267,12 @@ Sync()
                if (errno != EWOULDBLOCK)
                        return -1;
 #else
-               if (link(sync_file, sync_lock) >= 0)
+               setegid(egid);
+               if (link(sync_file, sync_lock) >= 0) {
+                       setegid(gid);
                        break;
+               }
+               setegid(gid);
                if (errno != EEXIST)
                        return -1;
 #endif
@@ -319,7 +336,9 @@ out:
 #ifdef LOCK_EX
        (void) flock(fileno(sync_fp), LOCK_UN);
 #else
+       setegid(egid);
        (void) unlink(sync_lock);
+       setegid(gid);
 #endif
        (void) signal(SIGHUP, sighup);
        (void) signal(SIGINT, sigint);