author | hubertf <hubertf@NetBSD.org> | 1999-07-17 19:57:03 +0000 |
---|---|---|
committer | hubertf <hubertf@NetBSD.org> | 1999-07-17 19:57:03 +0000 |
commit | 3809a8fdebc7087514443871f875d64c9e24e447 (patch) | |
tree | 0418f6d2f091389108a0620a5d5194a1def8d50d /atc/main.c | |
parent | fd34b018820af4ff065b05d39c0d53a362fb2783 (diff) | |
The patch below improves the security of the game atc(6), by having it
open the score file at the start and then drop all setgid privileges
while keeping a (close-on-exec) file descriptor open to it. In order
to allow this the static data files have to be made world readable.
In addition a potential buffer overrun with corrupted score files is
avoided by more careful use of scanf (note that SCORE_SCANF_FMT is
defined alongside the definition of the relevant structure).
Submitted in PR 8015 by Joseph Myers <jsm28@cam.ac.uk>
Diffstat (limited to 'atc/main.c')
-rw-r--r-- | atc/main.c | 8 |
1 files changed, 6 insertions, 2 deletions
@@ -1,4 +1,4 @@ -/* $NetBSD: main.c,v 1.8 1998/11/10 13:43:31 hubertf Exp $ */ +/* $NetBSD: main.c,v 1.9 1999/07/17 19:57:03 hubertf Exp $ */ /*- * Copyright (c) 1990, 1993 @@ -55,7 +55,7 @@ __COPYRIGHT("@(#) Copyright (c) 1990, 1993\n\ #if 0 static char sccsid[] = "@(#)main.c 8.1 (Berkeley) 5/31/93"; #else -__RCSID("$NetBSD: main.c,v 1.8 1998/11/10 13:43:31 hubertf Exp $"); +__RCSID("$NetBSD: main.c,v 1.9 1999/07/17 19:57:03 hubertf Exp $"); #endif #endif /* not lint */ @@ -78,6 +78,10 @@ main(ac, av) struct itimerval itv; #endif + /* Open the score file then revoke setgid privileges */ + open_score_file(); + setregid(getgid(), getgid()); + start_time = seed = time(0); name = *av++; |
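Review bot: in the main() hunk the return value of setregid(getgid(), getgid()) is ignored, so if the call fails the game carries on with its setgid group still effective and the privilege drop that the new comment describes has not happened. Check the result and exit on failure, for example `if (setregid(getgid(), getgid()) == -1) err(1, "setregid");`. The hunk also does not show how open_score_file() behaves when the open fails or where close-on-exec is set on the descriptor; since this diff is limited to atc/main.c, both are worth confirming in that function before relying on the ordering here.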