From 2f593094f0c4f828fd81a3b052ee426135135694 Mon Sep 17 00:00:00 2001 From: jsm Date: Sun, 12 Sep 1999 09:02:20 +0000 Subject: Security improvements for games (largely from or inspired by OpenBSD). Games which run setgid from dm, but don't need to, should drop their privileges at startup. Games which have a scorefile should open it at startup, then drop all privileges leaving just the open writable file descriptor. If the game can invoke subprocesses, this should be made close-on-exec. Games with scorefiles should make sure they do not get a file descriptor < 3. (Otherwise, they could get confused and corrupt the scorefile when using stdin, stdout or stderr.) Some old setuid revokes from the days of setuid games change into gid revokes. --- tetris/tetris.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'tetris/tetris.h') diff --git a/tetris/tetris.h b/tetris/tetris.h index 97a28234..44a8b3b9 100644 --- a/tetris/tetris.h +++ b/tetris/tetris.h @@ -1,4 +1,4 @@ -/* $NetBSD: tetris.h,v 1.6 1999/09/08 21:18:01 jsm Exp $ */ +/* $NetBSD: tetris.h,v 1.7 1999/09/12 09:02:24 jsm Exp $ */ /*- * Copyright (c) 1992, 1993 @@ -38,6 +38,8 @@ * @(#)tetris.h 8.1 (Berkeley) 5/31/93 */ +#include + /* * Definitions for Tetris. */ @@ -166,6 +168,7 @@ long fallrate; /* less than 1 million; smaller => faster */ * still be moved or rotated). */ int score; /* the obvious thing */ +extern gid_t gid, egid; char key_msg[100]; int showpreview; -- cgit v1.2.3