From 6a2a60db41cc5b3db833740e9381e58f5270a775 Mon Sep 17 00:00:00 2001 From: jsm Date: Wed, 9 Feb 2000 22:27:55 +0000 Subject: [PATCH] Fix insecure /tmp usage in sail. Essentially concludes the merge into NetBSD of those changes in the Linux port of the NetBSD games which it is fairly clear to me should be so merged. --- sail/Makefile | 9 ++++++++- sail/dr_main.c | 6 ++---- sail/extern.h | 6 ++++-- sail/globals.c | 7 ++++--- sail/main.c | 16 +++++++++++++--- sail/misc.c | 10 +++++++--- sail/pathnames.h | 4 +++- sail/sync.c | 43 +++++++++++++++++++++++++++++++------------ 8 files changed, 72 insertions(+), 29 deletions(-) diff --git a/sail/Makefile b/sail/Makefile index 1ba8f193..d32d21a6 100644 --- a/sail/Makefile +++ b/sail/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.10 1998/02/18 22:37:32 jtc Exp $ +# $NetBSD: Makefile,v 1.11 2000/02/09 22:27:55 jsm Exp $ # @(#)Makefile 8.1 (Berkeley) 5/31/93 PROG= sail @@ -11,4 +11,11 @@ LDADD= -lcurses HIDEGAME=hidegame SETGIDGAME=yes +afterinstall: +.if !defined(UNPRIVILEGED) + mkdir ${DESTDIR}/var/games/sail + chown root.games ${DESTDIR}/var/games/sail + chmod 2770 ${DESTDIR}/var/games/sail +.endif + .include diff --git a/sail/dr_main.c b/sail/dr_main.c index 1d2a36d9..38bb33ec 100644 --- a/sail/dr_main.c +++ b/sail/dr_main.c @@ -1,4 +1,4 @@ -/* $NetBSD: dr_main.c,v 1.5 1997/10/13 19:43:54 christos Exp $ */ +/* $NetBSD: dr_main.c,v 1.6 2000/02/09 22:27:55 jsm Exp $ */ /* * Copyright (c) 1983, 1993 @@ -38,7 +38,7 @@ #if 0 static char sccsid[] = "@(#)dr_main.c 8.2 (Berkeley) 4/16/94"; #else -__RCSID("$NetBSD: dr_main.c,v 1.5 1997/10/13 19:43:54 christos Exp $"); +__RCSID("$NetBSD: dr_main.c,v 1.6 2000/02/09 22:27:55 jsm Exp $"); #endif #endif /* not lint */ @@ -57,8 +57,6 @@ dr_main() (void) signal(SIGINT, SIG_IGN); (void) signal(SIGQUIT, SIG_IGN); (void) signal(SIGTSTP, SIG_IGN); - if (issetuid) - (void) setuid(geteuid()); if (game < 0 || game >= NSCENE) { fprintf(stderr, "DRIVER: Bad game number %d\n", game); exit(1); 
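Review bot: In the new `afterinstall` target of sail/Makefile, plain `mkdir ${DESTDIR}/var/games/sail` fails when the directory already exists, so a repeat install stops before the owner and mode are reapplied; `mkdir -p ${DESTDIR}/var/games/sail` avoids that. `chown root.games` uses the dot separator, which is ambiguous when names may contain dots; `root:games` is the unambiguous form. Mode `2770` with group `games` appears to let any set-group-id games program create and remove files in this directory, not only sail. I would record that assumption beside the `chmod`, for example `# group games only: sync/lock files are trusted among games, not against them`.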
diff --git a/sail/extern.h b/sail/extern.h index 0dc7b61b..acb36a79 100644 --- a/sail/extern.h +++ b/sail/extern.h @@ -1,4 +1,4 @@ -/* $NetBSD: extern.h,v 1.13 1999/12/28 18:05:24 jsm Exp $ */ +/* $NetBSD: extern.h,v 1.14 2000/02/09 22:27:55 jsm Exp $ */ /* * Copyright (c) 1983, 1993 @@ -40,6 +40,7 @@ #include #include #include +#include #include "machdep.h" /* program mode */ @@ -56,7 +57,8 @@ extern char longfmt; /* -l, print score in long format */ extern char nobells; /* -b, don't ring bell before Signal */ /* other initial modes */ -extern char issetuid; /* running setuid */ +extern gid_t gid; +extern gid_t egid; #define die() ((rand() >> 3) % 6 + 1) #define sqr(a) ((a) * (a)) diff --git a/sail/globals.c b/sail/globals.c index 5dd061d8..45ce7078 100644 --- a/sail/globals.c +++ b/sail/globals.c @@ -1,4 +1,4 @@ -/* $NetBSD: globals.c,v 1.8 1999/12/28 18:05:24 jsm Exp $ */ +/* $NetBSD: globals.c,v 1.9 2000/02/09 22:27:56 jsm Exp $ */ /* * Copyright (c) 1983, 1993 @@ -38,7 +38,7 @@ #if 0 static char sccsid[] = "@(#)globals.c 8.2 (Berkeley) 4/28/95"; #else -__RCSID("$NetBSD: globals.c,v 1.8 1999/12/28 18:05:24 jsm Exp $"); +__RCSID("$NetBSD: globals.c,v 1.9 2000/02/09 22:27:56 jsm Exp $"); #endif #endif /* not lint */ @@ -553,7 +553,8 @@ char randomize; /* -x, give first available ship */ char longfmt; /* -l, print score in long format */ char nobells; /* -b, don't ring bell before Signal */ -char issetuid; +gid_t gid; +gid_t egid; struct scenario *cc; /* the current scenario */ struct ship *ls; /* &cc->ship[cc->vessels] */ diff --git a/sail/main.c b/sail/main.c index d4a9c6b1..1808be6c 100644 --- a/sail/main.c +++ b/sail/main.c @@ -1,4 +1,4 @@ -/* $NetBSD: main.c,v 1.6 1997/10/13 21:03:55 christos Exp $ */ +/* $NetBSD: main.c,v 1.7 2000/02/09 22:27:56 jsm Exp $ */ /* * Copyright (c) 1983, 1993 
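Review bot: The new globals `gid` and `egid` in sail/extern.h (defined in sail/globals.c) have no comment, although the `issetuid` declaration they replace had one and the rest of the patch depends on knowing which id is which. I would document them where declared, for example `extern gid_t gid; /* real gid; effective gid except around file access */` and `extern gid_t egid; /* privileged gid saved at startup, restored only around file access */`. The names are also very short for globals shared across files and are easy to shadow with a local.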
@@ -43,11 +43,12 @@ __COPYRIGHT("@(#) Copyright (c) 1983, 1993\n\ #if 0 static char sccsid[] = "@(#)main.c 8.2 (Berkeley) 4/28/95"; #else -__RCSID("$NetBSD: main.c,v 1.6 1997/10/13 21:03:55 christos Exp $"); +__RCSID("$NetBSD: main.c,v 1.7 2000/02/09 22:27:56 jsm Exp $"); #endif #endif /* not lint */ #include "extern.h" +#include #include #include #include @@ -62,9 +63,18 @@ main(argc, argv) { char *p; int i; + int fd; + + gid = getgid(); + egid = getegid(); + setegid(gid); + + fd = open("/dev/null", O_RDONLY); + if (fd < 3) + exit(1); + close(fd); (void) srand(getpid()); - issetuid = getuid() != geteuid(); if ((p = strrchr(*argv, '/')) != NULL) p++; else diff --git a/sail/misc.c b/sail/misc.c index c78e952f..3247cff7 100644 --- a/sail/misc.c +++ b/sail/misc.c @@ -1,4 +1,4 @@ -/* $NetBSD: misc.c,v 1.5 1997/10/13 19:44:38 christos Exp $ */ +/* $NetBSD: misc.c,v 1.6 2000/02/09 22:27:56 jsm Exp $ */ /* * Copyright (c) 1983, 1993 @@ -38,7 +38,7 @@ #if 0 static char sccsid[] = "@(#)misc.c 8.2 (Berkeley) 4/28/95"; #else -__RCSID("$NetBSD: misc.c,v 1.5 1997/10/13 19:44:38 christos Exp $"); +__RCSID("$NetBSD: misc.c,v 1.6 2000/02/09 22:27:56 jsm Exp $"); #endif #endif /* not lint */ @@ -208,8 +208,12 @@ struct ship *s; float net; struct logs *lp; - if ((fp = fopen(_PATH_LOGFILE, "r+")) == NULL) + setegid(egid); + if ((fp = fopen(_PATH_LOGFILE, "r+")) == NULL) { + setegid(gid); return; + } + setegid(gid); #ifdef LOCK_EX if (flock(fileno(fp), LOCK_EX) < 0) return; diff --git a/sail/pathnames.h b/sail/pathnames.h index ab17358f..bf093040 100644 --- a/sail/pathnames.h +++ b/sail/pathnames.h @@ -1,4 +1,4 @@ -/* $NetBSD: pathnames.h,v 1.3 1995/04/22 10:37:06 cgd Exp $ */ +/* $NetBSD: pathnames.h,v 1.4 2000/02/09 22:27:56 jsm Exp $ */ /*- * Copyright (c) 1990, 1993 @@ -36,3 +36,5 @@ */ #define _PATH_LOGFILE "/var/games/saillog" +#define _PATH_SYNC "/var/games/sail/#sailsink.%d" +#define _PATH_LOCK "/var/games/sail/#saillock.%d" 
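Review bot: In main() in sail/main.c the result of `setegid(gid)` is ignored, so if the drop fails the game runs on with the privileged group id; check it, `if (setegid(gid) < 0) exit(1);`. The same unchecked `setegid(egid)` / `setegid(gid)` pairs recur in the sail/misc.c hunk and in sync_exists(), sync_open(), sync_close() and Sync() in sail/sync.c. A failed restore there leaves the process privileged, so the `setegid(gid)` side at least deserves a check or a small helper that aborts on failure. The `/dev/null` probe that follows should get a comment such as `/* refuse to run unless fds 0-2 are already open, so game files never land on a standard descriptor */`. main() continues outside the hunk.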
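Review bot: In the sail/misc.c hunk the log file is now opened under the games group id, but the unchanged `if (flock(fileno(fp), LOCK_EX) < 0) return;` just below still returns without closing `fp`. A descriptor obtained with elevated privilege then stays open for the rest of the process. Since the patch tightens exactly this path, I would change that exit to `if (flock(fileno(fp), LOCK_EX) < 0) { (void) fclose(fp); return; }`. The enclosing function starts and ends outside the hunk, so later exits may need the same treatment.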
diff --git a/sail/sync.c b/sail/sync.c index 9b5b5049..b6e93e1d 100644 --- a/sail/sync.c +++ b/sail/sync.c @@ -1,4 +1,4 @@ -/* $NetBSD: sync.c,v 1.13 1999/09/09 17:30:20 jsm Exp $ */ +/* $NetBSD: sync.c,v 1.14 2000/02/09 22:27:56 jsm Exp $ */ /* * Copyright (c) 1983, 1993 @@ -38,7 +38,7 @@ #if 0 static char sccsid[] = "@(#)sync.c 8.2 (Berkeley) 4/28/95"; #else -__RCSID("$NetBSD: sync.c,v 1.13 1999/09/09 17:30:20 jsm Exp $"); +__RCSID("$NetBSD: sync.c,v 1.14 2000/02/09 22:27:56 jsm Exp $"); #endif #endif /* not lint */ @@ -55,17 +55,18 @@ __RCSID("$NetBSD: sync.c,v 1.13 1999/09/09 17:30:20 jsm Exp $"); #include #include #include "extern.h" +#include "pathnames.h" #define BUFSIZE 4096 +static const char SF[] = _PATH_SYNC; +static const char LF[] = _PATH_LOCK; static char sync_buf[BUFSIZE]; static char *sync_bp = sync_buf; -static char sync_lock[25]; -static char sync_file[25]; +static char sync_lock[sizeof SF]; +static char sync_file[sizeof LF]; static long sync_seek; static FILE *sync_fp; -#define SF "/tmp/#sailsink.%d" -#define LF "/tmp/#saillock.%d" void fmtship(buf, len, fmt, ship) @@ -160,30 +161,39 @@ sync_exists(game) (void) sprintf(buf, SF, game); (void) time(&t); - if (stat(buf, &s) < 0) + setegid(egid); + if (stat(buf, &s) < 0) { + setegid(gid); return 0; + } if (s.st_mtime < t - 60*60*2) { /* 2 hours */ (void) unlink(buf); (void) sprintf(buf, LF, game); (void) unlink(buf); + setegid(gid); return 0; - } else + } else { + setegid(gid); return 1; + } } int sync_open() { + struct stat tmp; if (sync_fp != NULL) (void) fclose(sync_fp); (void) sprintf(sync_lock, LF, game); (void) sprintf(sync_file, SF, game); - if (access(sync_file, 0) < 0) { - int omask = umask(issetuid ? 077 : 011); + setegid(egid); + if (stat(sync_file, &tmp) < 0) { + mode_t omask = umask(002); sync_fp = fopen(sync_file, "w+"); (void) umask(omask); } else sync_fp = fopen(sync_file, "r+"); + setegid(gid); if (sync_fp == NULL) return -1; sync_seek = 0; 
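Review bot: In the declarations at the top of sail/sync.c, `sync_lock[sizeof SF]` and `sync_file[sizeof LF]` are sized from the format strings themselves, so each buffer fits only while `game` prints in at most two characters (the width of the `%d` it replaces); the old `[25]` arrays left spare bytes. The sizes are also crossed: `sync_lock` is filled from `LF` and `sync_file` from `SF`, which is harmless only because the two templates have equal length. I would size each from its own template with room for a full-width int, `static char sync_file[sizeof SF + 10];` and `static char sync_lock[sizeof LF + 10];`, and format with `(void) snprintf(sync_file, sizeof sync_file, SF, game);`. The `sprintf(buf, SF, game)` in sync_exists() writes into a `buf` declared outside the hunks and should be checked the same way.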
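Review bot: In sync_open() the `stat(sync_file, &tmp)` test followed by `fopen(sync_file, "w+")` is a check-then-create sequence. Two players starting the same game at once can both see the file missing, and the second `"w+"` open truncates what the first wrote; a symbolic link appearing at that name in between would also be followed. Creating the file with `O_CREAT | O_EXCL` and falling back to `"r+"` on `EEXIST` closes the window, as sketched below (needs `<fcntl.h>` if sync.c does not already include it). Separately, sync_exists() in the same hunk now repeats `setegid(gid)` on three exit paths; one restore before a single `return` would be harder to get wrong. The hunk ends inside sync_open().

```c
	int fd;
	mode_t omask;

	/* … unchanged: fclose of the old sync_fp, formatting of sync_lock and sync_file … */
	setegid(egid);
	omask = umask(002);
	/* O_EXCL makes creation atomic: exactly one player creates the file. */
	fd = open(sync_file, O_RDWR | O_CREAT | O_EXCL, 0666);
	(void) umask(omask);
	if (fd >= 0) {
		if ((sync_fp = fdopen(fd, "w+")) == NULL)
			(void) close(fd);
	} else if (errno == EEXIST)
		sync_fp = fopen(sync_file, "r+");
	else
		sync_fp = NULL;
	setegid(gid);
```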
@@ -196,8 +206,11 @@ sync_close(remove) { if (sync_fp != 0) (void) fclose(sync_fp); - if (remove) + if (remove) { + setegid(egid); (void) unlink(sync_file); + setegid(gid); + } } void @@ -254,8 +267,12 @@ Sync() if (errno != EWOULDBLOCK) return -1; #else - if (link(sync_file, sync_lock) >= 0) + setegid(egid); + if (link(sync_file, sync_lock) >= 0) { + setegid(gid); break; + } + setegid(gid); if (errno != EEXIST) return -1; #endif @@ -319,7 +336,9 @@ out: #ifdef LOCK_EX (void) flock(fileno(sync_fp), LOCK_UN); #else + setegid(egid); (void) unlink(sync_lock); + setegid(gid); #endif (void) signal(SIGHUP, sighup); (void) signal(SIGINT, sigint); -- 2.47.1
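Review bot: In the `link()` lock loop of Sync() (the non-`LOCK_EX` branch), `setegid(gid)` now runs between the failing `link(sync_file, sync_lock)` and the `errno != EEXIST` test, so the value tested may no longer be the one `link()` set. Save it before restoring the group id: `serrno = errno; setegid(gid); if (serrno != EEXIST) return -1;`, with `int serrno;` declared at the top of the function. Sync() starts and ends outside the hunk.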