author | jsm <jsm@NetBSD.org> | 1999-09-12 09:02:20 +0000 |
---|---|---|
committer | jsm <jsm@NetBSD.org> | 1999-09-12 09:02:20 +0000 |
commit | 2f593094f0c4f828fd81a3b052ee426135135694 (patch) | |
tree | 7b98927c7e61fffdc04daa44d0d99f2316fa1a47 /tetris | |
parent | b8724a0a95054da51b0a8bfca19d6d2b2662609f (diff) | |
Security improvements for games (largely from or inspired by OpenBSD).
Games which run setgid from dm, but don't need to, should drop their
privileges at startup.
Games which have a scorefile should open it at startup, then drop all
privileges leaving just the open writable file descriptor. If the
game can invoke subprocesses, this should be made close-on-exec.
Games with scorefiles should make sure they do not get a file
descriptor < 3. (Otherwise, they could get confused and corrupt the
scorefile when using stdin, stdout or stderr.)
Some old setuid revokes from the days of setuid games change into gid
revokes.
Diffstat (limited to 'tetris')
-rw-r--r-- | tetris/scores.c | 9 | ||||
-rw-r--r-- | tetris/tetris.c | 15 | ||||
-rw-r--r-- | tetris/tetris.h | 5 |
3 files changed, 26 insertions, 3 deletions
diff --git a/tetris/scores.c b/tetris/scores.c index a93c2ef5..7f3e4115 100644 --- a/tetris/scores.c +++ b/tetris/scores.c @@ -1,4 +1,4 @@ -/* $NetBSD: scores.c,v 1.5 1999/09/08 21:18:00 jsm Exp $ */ +/* $NetBSD: scores.c,v 1.6 1999/09/12 09:02:23 jsm Exp $ */ /*- * Copyright (c) 1992, 1993 @@ -51,6 +51,7 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <sys/stat.h> #include <time.h> #include <termcap.h> #include <unistd.h> @@ -96,6 +97,7 @@ getscores(fpp) FILE **fpp; { int sd, mint, lck; + mode_t mask; const char *mstr, *human; FILE *sf; @@ -110,10 +112,14 @@ getscores(fpp) human = "reading"; lck = LOCK_SH; } + setegid(egid); + mask = umask(S_IWOTH); sd = open(_PATH_SCOREFILE, mint, 0666); + (void)umask(mask); if (sd < 0) { if (fpp == NULL) { nscores = 0; + setegid(gid); return; } (void)fprintf(stderr, "tetris: cannot open %s for %s: %s\n", @@ -125,6 +131,7 @@ getscores(fpp) _PATH_SCOREFILE, human, strerror(errno)); exit(1); } + setegid(gid); /* * Grab a lock. diff --git a/tetris/tetris.c b/tetris/tetris.c index 3cf9f360..f1f096a8 100644 --- a/tetris/tetris.c +++ b/tetris/tetris.c @@ -1,4 +1,4 @@ -/* $NetBSD: tetris.c,v 1.11 1999/09/08 21:45:31 jsm Exp $ */ +/* $NetBSD: tetris.c,v 1.12 1999/09/12 09:02:24 jsm Exp $ */ /*- * Copyright (c) 1992, 1993 @@ -50,6 +50,7 @@ __COPYRIGHT("@(#) Copyright (c) 1992, 1993\n\ #include <sys/time.h> +#include <fcntl.h> #include <signal.h> #include <stdio.h> #include <stdlib.h> @@ -61,6 +62,8 @@ __COPYRIGHT("@(#) Copyright (c) 1992, 1993\n\ #include "screen.h" #include "tetris.h" +gid_t gid, egid; + static void elide __P((void)); static void setup_board __P((void)); int main __P((int, char **)); @@ -121,6 +124,16 @@ main(argc, argv) register int level = 2; char key_write[6][10]; int ch, i, j; + int fd; + + gid = getgid(); + egid = getegid(); + setegid(gid); + + fd = open("/dev/null", O_RDONLY); + if (fd < 3) + exit(1); + close(fd); keys = "jkl pq"; 
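Review bot: None of the `setegid()` calls added to getscores() checks its return value, so a failed `setegid(gid)` after the open() would leave the rest of the game running with the score-file group and nothing would report it. The drop should fail closed, for example `if (setegid(gid) == -1) { perror("setegid"); exit(1); }`. The same applies to the `setegid(gid)` in the `fpp == NULL` early return, to the one added in the `@@ -125,6 +131,7 @@` hunk, and to the `setegid(gid)` in main() in tetris.c. On the error path `strerror(errno)` is now read after `(void)umask(mask)`; umask is not expected to modify errno, but saving errno immediately after open() would make that independent of the intervening call. getscores() starts and ends outside these hunks.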
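Review bot: The `setegid(gid)` added at the top of main() in tetris.c is a reversible drop rather than a permanent one. It changes only the effective gid, and the saved set-group-ID presumably still holds the games group, since getscores() relies on `setegid(egid)` succeeding later. The commit message describes opening the score file once and then dropping all privileges; if getscores() could reuse a descriptor opened at startup, a permanent `setgid(getgid())` after that open would remove the group for the rest of the run. Separately, `if (fd < 3) exit(1);` also catches open() returning -1 and exits silently; a comment such as `/* refuse to run if stdin/stdout/stderr is closed, so the score file can never be opened on fd 0-2 */` would record the intent. The body of main() continues outside the hunk.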
diff --git a/tetris/tetris.h b/tetris/tetris.h index 97a28234..44a8b3b9 100644 --- a/tetris/tetris.h +++ b/tetris/tetris.h @@ -1,4 +1,4 @@ -/* $NetBSD: tetris.h,v 1.6 1999/09/08 21:18:01 jsm Exp $ */ +/* $NetBSD: tetris.h,v 1.7 1999/09/12 09:02:24 jsm Exp $ */ /*- * Copyright (c) 1992, 1993 @@ -38,6 +38,8 @@ * @(#)tetris.h 8.1 (Berkeley) 5/31/93 */ +#include <sys/types.h> + /* * Definitions for Tetris. */ @@ -166,6 +168,7 @@ long fallrate; /* less than 1 million; smaller => faster */ * still be moved or rotated). */ int score; /* the obvious thing */ +extern gid_t gid, egid; char key_msg[100]; int showpreview; |