author | jsm <jsm@NetBSD.org> | 1999-09-12 09:02:20 +0000 |
---|---|---|
committer | jsm <jsm@NetBSD.org> | 1999-09-12 09:02:20 +0000 |
commit | 2f593094f0c4f828fd81a3b052ee426135135694 (patch) | |
tree | 7b98927c7e61fffdc04daa44d0d99f2316fa1a47 /snake | |
parent | b8724a0a95054da51b0a8bfca19d6d2b2662609f (diff) | |
Security improvements for games (largely from or inspired by OpenBSD).
Games which run setgid from dm, but don't need to, should drop their
privileges at startup.
Games which have a scorefile should open it at startup, then drop all
privileges leaving just the open writable file descriptor. If the
game can invoke subprocesses, this should be made close-on-exec.
Games with scorefiles should make sure they do not get a file
descriptor < 3. (Otherwise, they could get confused and corrupt the
scorefile when using stdin, stdout or stderr.)
Some old setuid revokes from the days of setuid games change into gid
revokes.
Diffstat (limited to 'snake')
-rw-r--r-- | snake/snake/snake.c | 33 | ||||
-rw-r--r-- | snake/snscore/snscore.c | 8 |
2 files changed, 30 insertions, 11 deletions
diff --git a/snake/snake/snake.c b/snake/snake/snake.c index a356a02f..c3a69681 100644 --- a/snake/snake/snake.c +++ b/snake/snake/snake.c @@ -1,4 +1,4 @@ -/* $NetBSD: snake.c,v 1.12 1999/09/08 21:57:21 jsm Exp $ */ +/* $NetBSD: snake.c,v 1.13 1999/09/12 09:02:23 jsm Exp $ */ /* * Copyright (c) 1980, 1993 @@ -43,7 +43,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 1993\n\ #if 0 static char sccsid[] = "@(#)snake.c 8.2 (Berkeley) 1/7/94"; #else -__RCSID("$NetBSD: snake.c,v 1.12 1999/09/08 21:57:21 jsm Exp $"); +__RCSID("$NetBSD: snake.c,v 1.13 1999/09/12 09:02:23 jsm Exp $"); #endif #endif /* not lint */ @@ -101,6 +101,9 @@ int repeat = 1; time_t tv; char *tn; +int rawscores; +FILE *logfile; + int main __P((int, char **)); int @@ -112,6 +115,20 @@ main(argc, argv) extern int optind; int ch, i; + /* Open score files then revoke setgid privileges */ + rawscores = open(_PATH_RAWSCORES, O_RDWR|O_CREAT, 0664); + if (rawscores < 0) { + warn("open %s", _PATH_RAWSCORES); + sleep(2); + } else if (rawscores < 3) + exit(1); + logfile = fopen(_PATH_LOGFILE, "a"); + if (logfile == NULL) { + warn("fopen %s", _PATH_LOGFILE); + sleep(2); + } + setregid(getgid(), getgid()); + (void) time(&tv); srandom((int) tv); @@ -498,9 +515,8 @@ post(iscore, flag) pr("No saved scores for uid %d.\n", uid); return (1); } - if ((rawscores = open(_PATH_RAWSCORES, O_RDWR | O_CREAT, 0644)) < 0) { - pr("No score file %s: %s.\n", _PATH_RAWSCORES, - strerror(errno)); + if (rawscores < 0) { + /* Error reported earlier */ return (1); } /* Figure out what happened in the past */ @@ -532,7 +548,7 @@ post(iscore, flag) pr("You set a new record!\n"); } else pr("The highest is %s with $%d\n", p->pw_name, allbscore); - close(rawscores); + lseek(rawscores, 0, SEEK_SET); return (1); } 
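Review bot: The `setregid(getgid(), getgid());` call that ends the block added to main() ignores its return value, so if the call fails the game keeps running with the setgid group while both score files are open; checking it, e.g. `if (setregid(getgid(), getgid()) < 0) err(1, "setregid");`, makes the privilege drop fail closed. The same unchecked call is added in the main() hunk of snake/snscore/snscore.c. The descriptor-below-3 guard also covers only `rawscores`: when that open() fails and one of the standard descriptors is closed, `fopen(_PATH_LOGFILE, "a")` can land on 0–2, so a matching `if (logfile != NULL && fileno(logfile) < 3) exit(1);` would bring the log file in line with the rule stated in the commit message. main()'s body continues outside the hunk.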
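Review bot: The new `if (rawscores < 0)` test in post() is only correct if it reads the file-scope `rawscores` introduced by this commit; post() previously assigned `rawscores` itself, and no hunk shown here removes a declaration from post(). If post() still declares a local `int rawscores;` (its declarations are outside the hunk, so this is unconfirmed), the local shadows the global and this test, along with any later use of the descriptor, operates on an uninitialized value instead of the file opened in main(). Worth confirming and deleting the local declaration if it is there; building with `-Wshadow` would flag it.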
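Review bot: The `lseek(rawscores, 0, SEEK_SET);` that replaces `close(rawscores)` restores the offset only on this final return path and its result is not checked, so whether the next call to post() starts at offset 0 depends on how the previous call exited. Rewinding where post() begins to use the file, right after the `rawscores < 0` check, would make each call independent of the last one: `if (lseek(rawscores, 0, SEEK_SET) < 0) return (1);`. The rest of post() is outside the hunk, so whether other return paths exist after the descriptor has been read or written is not visible here.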
@@ -935,13 +951,12 @@ void logit(msg) const char *msg; { - FILE *logfile; time_t t; - if ((logfile = fopen(_PATH_LOGFILE, "a")) != NULL) { + if (logfile != NULL) { time(&t); fprintf(logfile, "%s $%d %dx%d %s %s", getlogin(), cashvalue, lcnt, ccnt, msg, ctime(&t)); - fclose(logfile); + fflush(logfile); } } diff --git a/snake/snscore/snscore.c b/snake/snscore/snscore.c index e50fed75..65b6b228 100644 --- a/snake/snscore/snscore.c +++ b/snake/snscore/snscore.c @@ -1,4 +1,4 @@ -/* $NetBSD: snscore.c,v 1.10 1999/09/09 17:28:00 jsm Exp $ */ +/* $NetBSD: snscore.c,v 1.11 1999/09/12 09:02:23 jsm Exp $ */ /* * Copyright (c) 1980, 1993 @@ -43,7 +43,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 1993\n\ #if 0 static char sccsid[] = "@(#)snscore.c 8.1 (Berkeley) 7/19/93"; #else -__RCSID("$NetBSD: snscore.c,v 1.10 1999/09/09 17:28:00 jsm Exp $"); +__RCSID("$NetBSD: snscore.c,v 1.11 1999/09/12 09:02:23 jsm Exp $"); #endif #endif /* not lint */ @@ -53,6 +53,7 @@ __RCSID("$NetBSD: snscore.c,v 1.10 1999/09/09 17:28:00 jsm Exp $"); #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <unistd.h> #include "pathnames.h" const char *recfile = _PATH_RAWSCORES; @@ -77,6 +78,9 @@ main() const char *q; struct passwd *p; + /* Revoke setgid privileges */ + setregid(getgid(), getgid()); + fd = fopen(recfile, "r"); if (fd == NULL) err(1, "opening `%s'", recfile); |
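Review bot: `getlogin()` on the unchanged `fprintf` line in logit() can return NULL (for example when the process has no login session), and passing NULL for `%s` is undefined behaviour; since the log stream is now opened with setgid rights and kept for the whole run, a fallback such as `const char *who = getlogin(); if (who == NULL) who = "???";` keeps writes to the privileged log well-defined. The `fflush(logfile)` that replaces `fclose` also discards its result, so a failed write to the log goes unnoticed; a `warn("fflush")` on failure, or an explicit `(void)` cast, would make the choice visible.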