From 6a2a60db41cc5b3db833740e9381e58f5270a775 Mon Sep 17 00:00:00 2001
From: jsm <jsm@NetBSD.org>
Date: Wed, 9 Feb 2000 22:27:55 +0000
Subject: Fix insecure /tmp usage in sail.

Essentially concludes the merge into NetBSD of those changes in the
Linux port of the NetBSD games which it is fairly clear to me should
be so merged.
---
 sail/sync.c | 43 +++++++++++++++++++++++++++++++------------
 1 file changed, 31 insertions(+), 12 deletions(-)

(limited to 'sail/sync.c')

diff --git a/sail/sync.c b/sail/sync.c
index 9b5b5049..b6e93e1d 100644
--- a/sail/sync.c
+++ b/sail/sync.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: sync.c,v 1.13 1999/09/09 17:30:20 jsm Exp $	*/
+/*	$NetBSD: sync.c,v 1.14 2000/02/09 22:27:56 jsm Exp $	*/
 
 /*
  * Copyright (c) 1983, 1993
@@ -38,7 +38,7 @@
 #if 0
 static char sccsid[] = "@(#)sync.c	8.2 (Berkeley) 4/28/95";
 #else
-__RCSID("$NetBSD: sync.c,v 1.13 1999/09/09 17:30:20 jsm Exp $");
+__RCSID("$NetBSD: sync.c,v 1.14 2000/02/09 22:27:56 jsm Exp $");
 #endif
 #endif /* not lint */
 
@@ -55,17 +55,18 @@ __RCSID("$NetBSD: sync.c,v 1.13 1999/09/09 17:30:20 jsm Exp $");
 #include <sys/stat.h>
 #include <time.h>
 #include "extern.h"
+#include "pathnames.h"
 
 #define BUFSIZE 4096
 
+static const char SF[] = _PATH_SYNC;
+static const char LF[] = _PATH_LOCK;
 static char sync_buf[BUFSIZE];
 static char *sync_bp = sync_buf;
-static char sync_lock[25];
-static char sync_file[25];
+static char sync_lock[sizeof SF];
+static char sync_file[sizeof LF];
 static long sync_seek;
 static FILE *sync_fp;
-#define SF "/tmp/#sailsink.%d"
-#define LF "/tmp/#saillock.%d"
 
 void
 fmtship(buf, len, fmt, ship)
@@ -160,30 +161,39 @@ sync_exists(game)
 
 	(void) sprintf(buf, SF, game);
 	(void) time(&t);
-	if (stat(buf, &s) < 0)
+	setegid(egid);
+	if (stat(buf, &s) < 0) {
+		setegid(gid);
 		return 0;
+	}
 	if (s.st_mtime < t - 60*60*2) {		/* 2 hours */
 		(void) unlink(buf);
 		(void) sprintf(buf, LF, game);
 		(void) unlink(buf);
+		setegid(gid);
 		return 0;
-	} else
+	} else {
+		setegid(gid);
 		return 1;
+	}
 }
 
 int
 sync_open()
 {
+	struct stat tmp;
 	if (sync_fp != NULL)
 		(void) fclose(sync_fp);
 	(void) sprintf(sync_lock, LF, game);
 	(void) sprintf(sync_file, SF, game);
-	if (access(sync_file, 0) < 0) {
-		int omask = umask(issetuid ? 077 : 011);
+	setegid(egid);
+	if (stat(sync_file, &tmp) < 0) {
+		mode_t omask = umask(002);
 		sync_fp = fopen(sync_file, "w+");
 		(void) umask(omask);
 	} else
 		sync_fp = fopen(sync_file, "r+");
+	setegid(gid);
 	if (sync_fp == NULL)
 		return -1;
 	sync_seek = 0;
@@ -196,8 +206,11 @@ sync_close(remove)
 {
 	if (sync_fp != 0)
 		(void) fclose(sync_fp);
-	if (remove)
+	if (remove) {
+		setegid(egid);
 		(void) unlink(sync_file);
+		setegid(gid);
+	}
 }
 
 void
@@ -254,8 +267,12 @@ Sync()
 		if (errno != EWOULDBLOCK)
 			return -1;
 #else
-		if (link(sync_file, sync_lock) >= 0)
+		setegid(egid);
+		if (link(sync_file, sync_lock) >= 0) {
+			setegid(gid);
 			break;
+		}
+		setegid(gid);
 		if (errno != EEXIST)
 			return -1;
 #endif
@@ -319,7 +336,9 @@ out:
 #ifdef LOCK_EX
 	(void) flock(fileno(sync_fp), LOCK_UN);
 #else
+	setegid(egid);
 	(void) unlink(sync_lock);
+	setegid(gid);
 #endif
 	(void) signal(SIGHUP, sighup);
 	(void) signal(SIGINT, sigint);
-- 
cgit v1.2.3