Security improvements for games (largely from or inspired by OpenBSD).
Games which run setgid from dm, but don't need to, should drop their
privileges at startup.
Games which have a scorefile should open it at startup, then drop all
privileges leaving just the open writable file descriptor. If the
game can invoke subprocesses, this should be made close-on-exec.
Games with scorefiles should make sure they do not get a file
descriptor < 3. (Otherwise, they could get confused and corrupt the
scorefile when using stdin, stdout or stderr.)
Some old setuid revokes from the days of setuid games change into gid
revokes.
Add `__noreturn__' and `__unused__' attributes where appropriate to
the games.
This merges in all such remaining changes from the Linux port of the
NetBSD games, except in hunt (where substantial changes from OpenBSD
need to be looked at).
Most noreturn attributes were previously added in bin/6144, with some
others that were missed then in bin/8082. Previous `unused'
attributes were covered in bin/6557, bin/8058 and other PRs (all these
PRs have already been handled and closed).
Add use of `const' where appropriate to the games.
This merges in all such remaining changes from the Linux port of the
NetBSD games, except in hunt (where substantial changes from OpenBSD
need to be looked at).
Some such changes were previously covered in PRs bin/6041, bin/6146,
bin/6148, bin/6150, bin/6151, bin/6580, bin/6660, bin/7993, bin/7994,
bin/8039, bin/8057 and bin/8093.
simonb [Sat, 21 Aug 1999 09:23:44 +0000 (09:23 +0000)]
Instead of writing out a structure that contains pointers as the header
of the card decks file, just write out the number of cards for each
deck. Also use "off_t" for offsets into the file (that are stored after
the number of cards) instead of "long".
/usr/share/games/cards.pck is now MI.
simonb [Sat, 21 Aug 1999 06:30:11 +0000 (06:30 +0000)]
Don't chown installed files or directories if UNPRIVILEGED is defined.
"make build" should now work as a non-root user (tested on Alpha).
mtree spits out lots of warnings during "make distrib-dirs", but
these are non-fatal.
sommerfeld [Fri, 13 Aug 1999 03:02:06 +0000 (03:02 +0000)]
Fix the part of pr8201 which is IMHO a bug: the error message now goes
to stderr.
The existing error message ("I don't know what xxx means") is
unchanged, as it is stylistically in keeping with the light-hearted
nature of the program, and is also more likely to be accurate than the
"no such acronym" error message proposed in 8201.
This patch converts worms(6) to use curses, thereby
simplifying the code and improving its portability. It also adds a
delay option from OpenBSD, to allow reasonable speed display on fast
terminals, adds use of const, and fixes signal handling and use of
errx() where appropriate.
Patch supplied in PR 6661 by Joseph Myers <jsm28@cam.ac.uk>.
This patch converts rain(6) to use curses, thereby
significantly simplifying the code and improving its portability. It
also adds a delay option from OpenBSD to make the display go at a
useful speed on fast terminals, and fixes signal handling to make it
reliable.
Patch supplied by Joseph Myers <jsm28@cam.ac.uk> in PR 6659.
This patch fixes adventure(6) to use `extern' on declarations of
objects in its header file, and to add corresponding definitions to
init.c accordingly. (See the C standard - relying on linker commons
where there are multiple uninitialised declarations of an object in
the program traditionally works on Unix, but is not standard C.)
The patch also removes a bit-rotten code fragment under #ifdef
OLDSTUFF.
Patch submitted in PR 8105 by Joseph Myers <jsm28@cam.ac.uk>
This patch adds references to the main punched card, paper tape and
Morse code standards to the bcd(6) manpage (which also serves as the
manpages ppt(6) and morse(6)).
(The only one of these standards I have read is the ECMA-10 paper tape
standard, which is also probably the least readily available, since
ECMA don't supply copies of obsolete standards, though they will
supply printed copies of any or all of their current standards at no
charge.)
Patch submitted in PR 8102 by Joseph Myers <jsm28@cam.ac.uk>
This patch makes bcd(6) use `const' where appropriate, and use
unsigned char rather than char for values that end up passed to
isascii() and also used as array indices.
Patch submitted by Joseph Myers <jsm28@cam.ac.uk> in PR 8093.
In atc(6), the function getAChar() has BSD and SYSV variants to deal
with variations in EINTR behaviour, but the optimisation of using the
BSD version where the SYSV version isn't needed is insignificant.
This patch therefore simplifies the code by making there be just one
version, a more paranoid (about EOF when errno is already EINTR)
version of the SYSV code. Since the BSD/SYSV defines are mainly used
to control whether BSD timers are used, this helps where BSD timers
but SYSV EINTR handling are wanted.
Patch supplied in PR 8091 by Joseph Myers <jsm28@cam.ac.uk>
This patch improves the handling of save files in battlestar(6), by
allowing the user to choose the name of the save file and specify it
on the command line when restoring. It also eliminates a buffer
overrun in determining the path to the save file, and any particular
arbitrary limit on the name length. In the name of a tidier home
directory, the default name is changed from "Bstar" to ".Bstar".
Patch supplied in PR 8085 by Joseph Myers <jsm28@cam.ac.uk>
Minor modification (s/startup/filename/ in initialize()) by me.
This adds a check for memory allocation failure to one place in
backgammon(6). The use of write(2) for the message may seem odd, but
is used in another place in this game. (Actually, a lot of
backgammon(6) could do with being substantially cleaned up.)
Patch submitted in PR 8080 by Joseph Myers <jsm28@cam.ac.uk>
When atc(6) parses its game definition files, the check for `width'
being defined more than once incorrectly checks for `height' having
been previously defined instead.
Patch submitted in PR 8038 by Joseph Myers <jsm28@cam.ac.uk>
Back out last due to a thinko on my side: we don't start banner through
dm(6), so there are no setgid privileges to discard. Pointed out by
Joseph S. Myers <jsm28@cam.ac.uk>
The patch below improves the security of the game atc(6), by having it
open the score file at the start and then drop all setgid privileges
while keeping a (close-on-exec) file descriptor open to it. In order
to allow this the static data files have to be made world readable.
In addition a potential buffer overrun with corrupted score files is
avoided by more careful use of scanf (note that SCORE_SCANF_FMT is
defined alongside the definition of the relevant structure).
Submitted in PR 8015 by Joseph Myers <jsm28@cam.ac.uk>
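The scorefile rules from the first entry of this log, which the atc(6) entry above applies, can be sketched as follows: keep fds 0-2 occupied, open the score file while the setgid group is still effective, mark it close-on-exec, then drop the group. This is an added example, not code from the NetBSD tree or from the patches described here. The function names and the path are hypothetical, and dropping the group with setregid() is an assumption about how the drop is done.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* expose setregid() under strict -std= modes */
#endif
#include <fcntl.h>
#include <sys/types.h>
#include <unistd.h>

/* Fill any closed slot among fds 0-2 with /dev/null, so the score file
 * can never be handed the number of stdin, stdout or stderr. */
static int reserve_std_fds(void)
{
    int fd;
    do
        fd = open("/dev/null", O_RDWR);
    while (fd >= 0 && fd < 3);
    return fd < 0 ? -1 : close(fd);   /* the fd >= 3 was only a probe */
}

/* Open the score file (this is the step that needs the setgid group). */
int open_score_fd(const char *path)
{
    int fd;
    if (reserve_std_fds() < 0 || (fd = open(path, O_RDWR | O_CREAT, 0664)) < 0)
        return -1;
    if (fcntl(fd, F_SETFD, FD_CLOEXEC) < 0) {   /* hide it from subprocesses */
        close(fd);
        return -1;
    }
    return fd;
}

/* Give up the setgid group and confirm the effective gid is the real one. */
int drop_gid_privs(void)
{
    gid_t gid = getgid();
    if (setregid(gid, gid) < 0)
        return -1;
    return getegid() == gid ? 0 : -1;
}

int main(void)
{
    int fd = open_score_fd("/tmp/example.scores");  /* constructed path */
    if (fd < 0 || drop_gid_privs() < 0)             /* open first, then drop */
        return 1;
    /* ... play the game, then record the score through fd ... */
    return close(fd) < 0;
}
```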
This patch cleans up the handling of the variable `saved' in
adventure(6). The handling of this variable is somewhat confusing,
since it is used for two different purposes (controlling the time
required before a saved game can be restored, and controlling various
aspects of dwarf behaviour); in fact, it is also declared twice in
hdr.h. Except possibly when saving a game fails, these uses can never
interfere; when used for controlling dwarf behaviour, we always have
saved == -1. This can be better understood with reference to the
original PDP-10 FORTRAN source (URL in patch, since hdr.h references
the comments of the FORTRAN as still relevant to this version) of
which the C version is a direct translation: the wrong value for
`saved' meant that someone was cheating and had bypassed normal
initialisation. Saving was done by halting and telling the user to
save their core image, so the question of carrying on after saving
failed to open the output file did not arise.
This patch separates the uses of `saved' into uses of two separate
variables.
This patch makes fish(6) honour PAGER for viewing the instructions.
The detailed behaviour follows POSIX.2. A similar patch for wump(6)
which was accepted is in bin/6699. Fish does not need any setgid
privileges it gets from dm, so this patch also moves the gid resetting
earlier.
Reported in PR 7986 by Joseph Myers <jsm28@cam.ac.uk>
From PR 7988 by Joseph Myers <jsm28@cam.ac.uk>: use the symbolic
name SEEK_SET for values which end up as the third argument of
fseek(), rather than a hard-coded 0.
games/adventure/setup.c fails to check for errors when writing its
output. This means that, if the disk fills up at this point during a
build, it would nevertheless fail to return an error status.
change:
.Sh "SEE ALSO"
to:
.Sh SEE ALSO
The doc macros check for the latter (actually just for 'SEE' as the first
argument to .Sh) to set the section header SEE ALSO flag, which modifies
some behaviour (e.g. references done with .Rs/.Re).