diff options
| author |   hubertf <hubertf@NetBSD.org> | 1999-07-17 19:57:03 +0000 |
|---|---|---|
| committer | hubertf <hubertf@NetBSD.org> | 1999-07-17 19:57:03 +0000 |
| commit | 3809a8fdebc7087514443871f875d64c9e24e447 (patch) | |
| tree | 0418f6d2f091389108a0620a5d5194a1def8d50d /atc/input.c | |
| parent | fd34b018820af4ff065b05d39c0d53a362fb2783 (diff) | |
| download | bsdgames-darwin-3809a8fdebc7087514443871f875d64c9e24e447.tar.gz bsdgames-darwin-3809a8fdebc7087514443871f875d64c9e24e447.tar.zst bsdgames-darwin-3809a8fdebc7087514443871f875d64c9e24e447.zip | |
The patch below improves the security of the game atc(6), by having it
open the score file at the start and then drop all setgid privileges
while keeping a (close-on-exec) file descriptor open to it. In order
to allow this the static data files have to be made world readable.
In addition a potential buffer overrun with corrupted score files is
avoided by more careful use of scanf (note that SCORE_SCANF_FMT is
defined alongside the definition of the relevant structure).
Submitted in PR 8015 by Joseph Myers <jsm28@cam.ac.uk>
Diffstat (limited to 'atc/input.c')
| -rw-r--r-- | atc/input.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/atc/input.c b/atc/input.c index a214a12f..821d6055 100644 --- a/atc/input.c +++ b/atc/input.c @@ -1,4 +1,4 @@ -/* $NetBSD: input.c,v 1.11 1998/11/10 13:43:31 hubertf Exp $ */ +/* $NetBSD: input.c,v 1.12 1999/07/17 19:57:03 hubertf Exp $ */ /*- * Copyright (c) 1990, 1993 @@ -50,7 +50,7 @@ #if 0 static char sccsid[] = "@(#)input.c 8.1 (Berkeley) 5/31/93"; #else -__RCSID("$NetBSD: input.c,v 1.11 1998/11/10 13:43:31 hubertf Exp $"); +__RCSID("$NetBSD: input.c,v 1.12 1999/07/17 19:57:03 hubertf Exp $"); #endif #endif not lint @@ -316,7 +316,6 @@ gettoken() { char *shell, *base; - setuid(getuid()); /* turn off setuid bit */ done_screen(); /* run user's favorite shell */ |