From 3809a8fdebc7087514443871f875d64c9e24e447 Mon Sep 17 00:00:00 2001 From: hubertf Date: Sat, 17 Jul 1999 19:57:03 +0000 Subject: The patch below improves the security of the game atc(6), by having it open the score file at the start and then drop all setgid privileges while keeping a (close-on-exec) file descriptor open to it. In order to allow this the static data files have to be made world readable. In addition a potential buffer overrun with corrupted score files is avoided by more careful use of scanf (note that SCORE_SCANF_FMT is defined alongside the definition of the relevant structure). Submitted in PR 8015 by Joseph Myers --- atc/input.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'atc/input.c') diff --git a/atc/input.c b/atc/input.c index a214a12f..821d6055 100644 --- a/atc/input.c +++ b/atc/input.c @@ -1,4 +1,4 @@ -/* $NetBSD: input.c,v 1.11 1998/11/10 13:43:31 hubertf Exp $ */ +/* $NetBSD: input.c,v 1.12 1999/07/17 19:57:03 hubertf Exp $ */ /*- * Copyright (c) 1990, 1993 @@ -50,7 +50,7 @@ #if 0 static char sccsid[] = "@(#)input.c 8.1 (Berkeley) 5/31/93"; #else -__RCSID("$NetBSD: input.c,v 1.11 1998/11/10 13:43:31 hubertf Exp $"); +__RCSID("$NetBSD: input.c,v 1.12 1999/07/17 19:57:03 hubertf Exp $"); #endif #endif not lint @@ -316,7 +316,6 @@ gettoken() { char *shell, *base; - setuid(getuid()); /* turn off setuid bit */ done_screen(); /* run user's favorite shell */ -- cgit v1.2.3