author | jsm <jsm@NetBSD.org> | 1999-09-12 09:02:20 +0000 |
---|---|---|
committer | jsm <jsm@NetBSD.org> | 1999-09-12 09:02:20 +0000 |
commit | 2f593094f0c4f828fd81a3b052ee426135135694 (patch) | |
tree | 7b98927c7e61fffdc04daa44d0d99f2316fa1a47 /robots | |
parent | b8724a0a95054da51b0a8bfca19d6d2b2662609f (diff) | |
Security improvements for games (largely from or inspired by OpenBSD).
Games which run setgid from dm, but don't need to, should drop their
privileges at startup.
Games which have a scorefile should open it at startup, then drop all
privileges leaving just the open writable file descriptor. If the
game can invoke subprocesses, this should be made close-on-exec.
Games with scorefiles should make sure they do not get a file
descriptor < 3. (Otherwise, they could get confused and corrupt the
scorefile when using stdin, stdout or stderr.)
Some old setuid revokes from the days of setuid games change into gid
revokes.
Diffstat (limited to 'robots')
-rw-r--r-- | robots/main.c | 31 | ||||
-rw-r--r-- | robots/robots.h | 5 | ||||
-rw-r--r-- | robots/score.c | 17 |
3 files changed, 37 insertions, 16 deletions
diff --git a/robots/main.c b/robots/main.c
index f2f9c97f..af8e8b7a 100644
--- a/robots/main.c
+++ b/robots/main.c
@@ -1,4 +1,4 @@
-/* $NetBSD: main.c,v 1.10 1999/09/08 21:45:29 jsm Exp $ */
+/* $NetBSD: main.c,v 1.11 1999/09/12 09:02:22 jsm Exp $ */
 /*
 * Copyright (c) 1980, 1993
@@ -43,7 +43,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 1993\n\
 #if 0
 static char sccsid[] = "@(#)main.c 8.1 (Berkeley) 5/31/93";
 #else
-__RCSID("$NetBSD: main.c,v 1.10 1999/09/08 21:45:29 jsm Exp $");
+__RCSID("$NetBSD: main.c,v 1.11 1999/09/12 09:02:22 jsm Exp $");
 #endif
 #endif /* not lint */
@@ -61,6 +61,17 @@ main(ac, av)
 bool show_only;
 extern const char *Scorefile;
 extern int Max_per_uid;
+ int score_wfd; /* high score writable file descriptor */
+ int score_err = 0; /* hold errno from score file open */
+
+ score_wfd = open(Scorefile, O_RDWR);
+ if (score_wfd < 0)
+ score_err = errno;
+ else if (score_wfd < 3)
+ exit(1);
+
+ /* Revoke setgid privileges */
+ setregid(getgid(), getgid());
 show_only = FALSE;
 Num_games = 1;
@@ -71,9 +82,12 @@ main(ac, av)
 if (isdigit(av[0][0]))
 Max_per_uid = atoi(av[0]);
 else {
- setuid(getuid());
- setgid(getgid());
 Scorefile = av[0];
+ if (score_wfd >= 0)
+ close(score_wfd);
+ score_wfd = open(Scorefile, O_RDWR);
+ if (score_wfd < 0)
+ score_err = errno;
 # ifdef FANCY
 sp = strrchr(Scorefile, '/');
 if (sp == NULL)
@@ -128,6 +142,13 @@ main(ac, av)
 /* NOTREACHED */
 }
+ if (score_wfd < 0) {
+ errno = score_err;
+ warn("%s", Scorefile);
+ warnx("High scores will not be recorded!");
+ sleep(2);
+ }
+
 initscr();
 signal(SIGINT, quit);
 crmode();
@@ -161,7 +182,7 @@ main(ac, av)
 refresh();
 if (Auto_bot)
 sleep(1);
- score();
+ score(score_wfd);
 if (Auto_bot)
 sleep(1);
 refresh();
diff --git a/robots/robots.h b/robots/robots.h
index 3fcf5c1c..eb93806a 100644
--- a/robots/robots.h
+++ b/robots/robots.h
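Review bot: The `setregid(getgid(), getgid());` call added at the top of main() in robots/main.c (hunk `@@ -61,6 +61,17 @@`) ignores its return value, so if the drop fails the game keeps running with its setgid group still effective while it parses arguments and opens a path taken from the command line. `<err.h>` is already pulled in through robots.h, so the call can fail closed: `if (setregid(getgid(), getgid()) < 0) err(1, "setregid");`. The `else if (score_wfd < 3) exit(1);` branch also exits without a message, which makes the failure hard to diagnose; an `errx(1, ...)` naming the low descriptor would explain it. main()'s body continues outside the hunk.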
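Review bot: The descriptor returned by the second `open(Scorefile, O_RDWR)` in the `else` branch of robots/main.c (hunk `@@ -71,9 +82,12 @@`) is never compared with 3, unlike the first open. When the default score file could not be opened, no `score_wfd < 3` test has run at all, so a process started with a standard descriptor closed can end up with the user-named score file on descriptor 0, 1 or 2, which is the situation the commit message says must be avoided. Repeating the guard after the reopen covers that path: `else if (score_wfd < 3) exit(1);`. Reopening only after the privilege drop is the right order, because the user-supplied path is then opened with the invoking user's own rights; a one-line comment saying so would protect it from a later reordering.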
@@ -1,4 +1,4 @@
-/* $NetBSD: robots.h,v 1.11 1999/09/08 21:17:57 jsm Exp $ */
+/* $NetBSD: robots.h,v 1.12 1999/09/12 09:02:22 jsm Exp $ */
 /*
 * Copyright (c) 1980, 1993
@@ -39,6 +39,7 @@
 # include <ctype.h>
 # include <curses.h>
 # include <err.h>
+# include <errno.h>
 # include <fcntl.h>
 # include <pwd.h>
 # include <setjmp.h>
@@ -137,7 +138,7 @@ void quit __P((int)) __attribute__((__noreturn__));
 void reset_count __P((void));
 int rnd __P((int));
 COORD *rnd_pos __P((void));
-void score __P((void));
+void score __P((int));
 void set_name __P((SCORE *));
 void show_score __P((void));
 int sign __P((int));
diff --git a/robots/score.c b/robots/score.c
index ddc8ce56..ee0b5b18 100644
--- a/robots/score.c
+++ b/robots/score.c
@@ -1,4 +1,4 @@
-/* $NetBSD: score.c,v 1.9 1999/09/08 21:57:20 jsm Exp $ */
+/* $NetBSD: score.c,v 1.10 1999/09/12 09:02:22 jsm Exp $ */
 /*
 * Copyright (c) 1980, 1993
@@ -38,7 +38,7 @@
 #if 0
 static char sccsid[] = "@(#)score.c 8.1 (Berkeley) 5/31/93";
 #else
-__RCSID("$NetBSD: score.c,v 1.9 1999/09/08 21:57:20 jsm Exp $");
+__RCSID("$NetBSD: score.c,v 1.10 1999/09/12 09:02:22 jsm Exp $");
 #endif
 #endif /* not lint */
@@ -116,18 +116,17 @@ write_score(inf)
 * top list.
 */
 void
-score()
+score(score_wfd)
+ int score_wfd;
 {
- int inf;
+ int inf = score_wfd;
 SCORE *scp;
 int uid;
 bool done_show = FALSE;
 Newscore = FALSE;
- if ((inf = open(Scorefile, O_RDWR)) < 0) {
- warn("opening `%s'", Scorefile);
+ if (inf < 0)
 return;
- }
 read_score(inf);
@@ -161,7 +160,7 @@ score()
 if (!Newscore) {
 Full_clear = FALSE;
- close(inf);
+ lseek(inf, 0, SEEK_SET);
 return;
 }
 else
@@ -191,7 +190,7 @@ score()
 if (Newscore) {
 write_score(inf);
 }
- close(inf);
+ lseek(inf, 0, SEEK_SET);
 }
 void |
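Review bot: The block comment above score() in robots/score.c (hunk `@@ -116,18 +116,17 @@`) is not updated for the new `score_wfd` parameter, and nothing in the hunk records that the descriptor now belongs to main() and stays open across games. I would extend the comment with `score_wfd is the score file opened in main() before privileges were dropped; a negative value means scores are not recorded.` and `The descriptor is rewound, not closed, so the next game can reuse it.` The early `return` on `inf < 0` is now silent, which is acceptable only because main() has already warned the player, and that dependency deserves a word in the same comment. The start of the comment and the rest of score() lie outside the hunk.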
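Review bot: Both `lseek(inf, 0, SEEK_SET);` calls that replace `close(inf)` in score() (hunks `@@ -161,7 +160,7 @@` and `@@ -191,7 +190,7 @@` of robots/score.c) discard the result, and the next game's `read_score(inf)` now depends on every exit path having rewound the shared descriptor. Rewinding once on entry, just before `read_score(inf)`, removes that dependency and leaves a single place to handle failure, for example `if (lseek(inf, 0, SEEK_SET) == -1) warn("%s", Scorefile);` followed by a `return;`. Whether read_score() or write_score() reposition the file themselves is not visible here, so this assumes they work from the current offset. Both hunks cut through the body of score().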