From 2f593094f0c4f828fd81a3b052ee426135135694 Mon Sep 17 00:00:00 2001 From: jsm Date: Sun, 12 Sep 1999 09:02:20 +0000 Subject: Security improvements for games (largely from or inspired by OpenBSD). Games which run setgid from dm, but don't need to, should drop their privileges at startup. Games which have a scorefile should open it at startup, then drop all privileges leaving just the open writable file descriptor. If the game can invoke subprocesses, this should be made close-on-exec. Games with scorefiles should make sure they do not get a file descriptor < 3. (Otherwise, they could get confused and corrupt the scorefile when using stdin, stdout or stderr.) Some old setuid revokes from the days of setuid games change into gid revokes. --- canfield/canfield/canfield.c | 10 ++++++++-- canfield/cfscores/cfscores.c | 7 +++++-- cribbage/crib.c | 31 ++++++++++++++++++++++++++----- fish/fish.c | 7 ++++--- gomoku/main.c | 7 +++++-- hangman/main.c | 7 +++++-- mille/mille.c | 8 ++++---- monop/monop.c | 7 +++++-- morse/morse.c | 7 +++++-- ppt/ppt.c | 8 ++++++-- quiz/quiz.c | 7 +++++-- robots/main.c | 31 ++++++++++++++++++++++++++----- robots/robots.h | 5 +++-- robots/score.c | 17 ++++++++--------- rogue/init.c | 17 +++++++++++++++-- rogue/machdep.c | 11 +++++------ rogue/rogue.h | 6 +++++- rogue/score.c | 7 +++++-- snake/snake/snake.c | 33 ++++++++++++++++++++++++--------- snake/snscore/snscore.c | 8 ++++++-- tetris/scores.c | 9 ++++++++- tetris/tetris.c | 15 ++++++++++++++- tetris/tetris.h | 5 ++++- trek/main.c | 7 +++++-- worm/worm.c | 7 +++++-- wump/wump.c | 7 +++++-- 26 files changed, 216 insertions(+), 75 deletions(-) diff --git a/canfield/canfield/canfield.c b/canfield/canfield/canfield.c index f13e1eb9..854bf2eb 100644 --- a/canfield/canfield/canfield.c +++ b/canfield/canfield/canfield.c @@ -1,4 +1,4 @@ -/* $NetBSD: canfield.c,v 1.14 1999/09/09 17:30:19 jsm Exp $ */ +/* $NetBSD: canfield.c,v 1.15 1999/09/12 09:02:20 jsm Exp $ */ /* * Copyright (c) 1980, 1993 @@ -43,7 +43,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 1993\n\ #if 0 static char sccsid[] = "@(#)canfield.c 8.1 (Berkeley) 5/31/93"; #else -__RCSID("$NetBSD: canfield.c,v 1.14 1999/09/09 17:30:19 jsm Exp $"); +__RCSID("$NetBSD: canfield.c,v 1.15 1999/09/12 09:02:20 jsm Exp $"); #endif #endif /* not lint */ @@ -1683,8 +1683,14 @@ initall() if (uid < 0) uid = 0; dbfd = open(_PATH_SCORE, O_RDWR); + + /* Revoke setgid privileges */ + setregid(getgid(), getgid()); + if (dbfd < 0) return; + if (dbfd < 3) + exit(1); i = lseek(dbfd, uid * sizeof(struct betinfo), SEEK_SET); if (i < 0) { close(dbfd); diff --git a/canfield/cfscores/cfscores.c b/canfield/cfscores/cfscores.c index 84216877..b4a291b5 100644 --- a/canfield/cfscores/cfscores.c +++ b/canfield/cfscores/cfscores.c @@ -1,4 +1,4 @@ -/* $NetBSD: cfscores.c,v 1.7 1999/09/08 21:17:46 jsm Exp $ */ +/* $NetBSD: cfscores.c,v 1.8 1999/09/12 09:02:20 jsm Exp $ */ /* * Copyright (c) 1983, 1993 @@ -43,7 +43,7 @@ __COPYRIGHT("@(#) Copyright (c) 1983, 1993\n\ #if 0 static char sccsid[] = "@(#)cfscores.c 8.1 (Berkeley) 5/31/93"; #else -__RCSID("$NetBSD: cfscores.c,v 1.7 1999/09/08 21:17:46 jsm Exp $"); +__RCSID("$NetBSD: cfscores.c,v 1.8 1999/09/12 09:02:20 jsm Exp $"); #endif #endif /* not lint */ @@ -79,6 +79,9 @@ main(argc, argv) struct passwd *pw; int uid; + /* Revoke setgid privileges */ + setregid(getgid(), getgid()); + if (argc > 2) { printf("Usage: cfscores [user]\n"); exit(1); diff --git a/cribbage/crib.c b/cribbage/crib.c index 83a9e422..7cf7647a 100644 --- a/cribbage/crib.c +++ b/cribbage/crib.c @@ -1,4 +1,4 @@ -/* $NetBSD: crib.c,v 1.11 1999/09/08 21:17:47 jsm Exp $ */ +/* $NetBSD: crib.c,v 1.12 1999/09/12 09:02:21 jsm Exp $ */ /*- * Copyright (c) 1980, 1993 @@ -43,12 +43,13 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 1993\n\ #if 0 static char sccsid[] = "@(#)crib.c 8.1 (Berkeley) 5/31/93"; #else -__RCSID("$NetBSD: crib.c,v 1.11 1999/09/08 21:17:47 jsm Exp $"); +__RCSID("$NetBSD: crib.c,v 1.12 1999/09/12 09:02:21 jsm Exp $"); #endif #endif /* not lint */ #include #include +#include #include #include #include @@ -69,6 +70,28 @@ main(argc, argv) BOOLEAN playing; FILE *f; int ch; + int fd; + int flags; + + f = fopen(_PATH_LOG, "a"); + if (f == NULL) + warn("fopen %s", _PATH_LOG); + if (f != NULL && fileno(f) < 3) + exit(1); + + /* Revoke setgid privileges */ + setregid(getgid(), getgid()); + + /* Set close-on-exec flag on log file */ + if (f != NULL) { + fd = fileno(f); + flags = fcntl(fd, F_GETFD); + if (flags < 0) + err(1, "fcntl F_GETFD"); + flags |= FD_CLOEXEC; + if (fcntl(fd, F_SETFD, flags) == -1) + err(1, "fcntl F_SETFD"); + } while ((ch = getopt(argc, argv, "eqr")) != -1) switch (ch) { @@ -129,14 +152,12 @@ main(argc, argv) playing = (getuchar() == 'Y'); } while (playing); - if ((f = fopen(_PATH_LOG, "a")) != NULL) { + if (f != NULL) { (void)fprintf(f, "%s: won %5.5d, lost %5.5d\n", getlogin(), cgames, pgames); (void) fclose(f); } bye(); - if (!f) - errx(1, "can't open %s", _PATH_LOG); exit(0); } diff --git a/fish/fish.c b/fish/fish.c index 1ce39130..b522a7b4 100644 --- a/fish/fish.c +++ b/fish/fish.c @@ -1,4 +1,4 @@ -/* $NetBSD: fish.c,v 1.9 1999/09/08 21:17:48 jsm Exp $ */ +/* $NetBSD: fish.c,v 1.10 1999/09/12 09:02:21 jsm Exp $ */ /*- * Copyright (c) 1990, 1993 @@ -46,7 +46,7 @@ __COPYRIGHT("@(#) Copyright (c) 1990, 1993\n\ #if 0 static char sccsid[] = "@(#)fish.c 8.1 (Berkeley) 5/31/93"; #else -__RCSID("$NetBSD: fish.c,v 1.9 1999/09/08 21:17:48 jsm Exp $"); +__RCSID("$NetBSD: fish.c,v 1.10 1999/09/12 09:02:21 jsm Exp $"); #endif #endif /* not lint */ @@ -104,7 +104,8 @@ main(argc, argv) { int ch, move; - setgid(getgid()); + /* Revoke setgid privileges */ + setregid(getgid(), getgid()); while ((ch = getopt(argc, argv, "p")) != -1) switch(ch) { diff --git a/gomoku/main.c b/gomoku/main.c index e7f0448f..7b8fc674 100644 --- a/gomoku/main.c +++ b/gomoku/main.c @@ -1,4 +1,4 @@ -/* $NetBSD: main.c,v 1.7 1999/09/08 21:45:27 jsm Exp $ */ +/* $NetBSD: main.c,v 1.8 1999/09/12 09:02:21 jsm Exp $ */ /* * Copyright (c) 1994 @@ -46,7 +46,7 @@ __COPYRIGHT("@(#) Copyright (c) 1994\n\ #if 0 static char sccsid[] = "@(#)main.c 8.4 (Berkeley) 5/4/95"; #else -__RCSID("$NetBSD: main.c,v 1.7 1999/09/08 21:45:27 jsm Exp $"); +__RCSID("$NetBSD: main.c,v 1.8 1999/09/12 09:02:21 jsm Exp $"); #endif #endif /* not lint */ @@ -98,6 +98,9 @@ main(argc, argv) "%3d %-6s" }; + /* Revoke setgid privileges */ + setregid(getgid(), getgid()); + color = curmove = 0; prog = strrchr(argv[0], '/'); diff --git a/hangman/main.c b/hangman/main.c index 8d448e03..1cc88e78 100644 --- a/hangman/main.c +++ b/hangman/main.c @@ -1,4 +1,4 @@ -/* $NetBSD: main.c,v 1.6 1999/09/08 21:45:28 jsm Exp $ */ +/* $NetBSD: main.c,v 1.7 1999/09/12 09:02:21 jsm Exp $ */ /* * Copyright (c) 1983, 1993 @@ -43,7 +43,7 @@ __COPYRIGHT("@(#) Copyright (c) 1983, 1993\n\ #if 0 static char sccsid[] = "@(#)main.c 8.1 (Berkeley) 5/31/93"; #else -__RCSID("$NetBSD: main.c,v 1.6 1999/09/08 21:45:28 jsm Exp $"); +__RCSID("$NetBSD: main.c,v 1.7 1999/09/12 09:02:21 jsm Exp $"); #endif #endif /* not lint */ @@ -55,6 +55,9 @@ __RCSID("$NetBSD: main.c,v 1.6 1999/09/08 21:45:28 jsm Exp $"); int main(void) { + /* Revoke setgid privileges */ + setregid(getgid(), getgid()); + initscr(); signal(SIGINT, die); setup(); diff --git a/mille/mille.c b/mille/mille.c index 9991c500..a41cd832 100644 --- a/mille/mille.c +++ b/mille/mille.c @@ -1,4 +1,4 @@ -/* $NetBSD: mille.c,v 1.8 1999/09/08 21:45:28 jsm Exp $ */ +/* $NetBSD: mille.c,v 1.9 1999/09/12 09:02:21 jsm Exp $ */ /* * Copyright (c) 1982, 1993 @@ -43,7 +43,7 @@ __COPYRIGHT("@(#) Copyright (c) 1982, 1993\n\ #if 0 static char sccsid[] = "@(#)mille.c 8.1 (Berkeley) 5/31/93"; #else -__RCSID("$NetBSD: mille.c,v 1.8 1999/09/08 21:45:28 jsm Exp $"); +__RCSID("$NetBSD: mille.c,v 1.9 1999/09/12 09:02:21 jsm Exp $"); #endif #endif /* not lint */ @@ -61,8 +61,8 @@ main(ac, av) { bool restore; - /* run as the user */ - setuid(getuid()); + /* Revoke setgid privileges */ + setregid(getgid(), getgid()); if (strcmp(av[0], "a.out") == 0) { outf = fopen("q", "w"); diff --git a/monop/monop.c b/monop/monop.c index 5b071759..289f2b12 100644 --- a/monop/monop.c +++ b/monop/monop.c @@ -1,4 +1,4 @@ -/* $NetBSD: monop.c,v 1.8 1999/09/09 17:27:59 jsm Exp $ */ +/* $NetBSD: monop.c,v 1.9 1999/09/12 09:02:22 jsm Exp $ */ /* * Copyright (c) 1980, 1993 @@ -43,7 +43,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 1993\n\ #if 0 static char sccsid[] = "@(#)monop.c 8.1 (Berkeley) 5/31/93"; #else -__RCSID("$NetBSD: monop.c,v 1.8 1999/09/09 17:27:59 jsm Exp $"); +__RCSID("$NetBSD: monop.c,v 1.9 1999/09/12 09:02:22 jsm Exp $"); #endif #endif /* not lint */ @@ -67,6 +67,9 @@ main(ac, av) int ac; char *av[]; { + /* Revoke setgid privileges */ + setregid(getgid(), getgid()); + srand(getpid()); if (ac > 1) { if (!rest_f(av[1])) diff --git a/morse/morse.c b/morse/morse.c index d9086e8e..2e2a2c01 100644 --- a/morse/morse.c +++ b/morse/morse.c @@ -1,4 +1,4 @@ -/* $NetBSD: morse.c,v 1.7 1999/09/08 21:17:53 jsm Exp $ */ +/* $NetBSD: morse.c,v 1.8 1999/09/12 09:02:22 jsm Exp $ */ /* * Copyright (c) 1988, 1993 @@ -43,7 +43,7 @@ __COPYRIGHT("@(#) Copyright (c) 1988, 1993\n\ #if 0 static char sccsid[] = "@(#)morse.c 8.1 (Berkeley) 5/31/93"; #else -__RCSID("$NetBSD: morse.c,v 1.7 1999/09/08 21:17:53 jsm Exp $"); +__RCSID("$NetBSD: morse.c,v 1.8 1999/09/12 09:02:22 jsm Exp $"); #endif #endif /* not lint */ @@ -114,6 +114,9 @@ main(argc, argv) int ch; char *s, *p; + /* Revoke setgid privileges */ + setregid(getgid(), getgid()); + while ((ch = getopt(argc, argv, "ds")) != -1) switch((char)ch) { case 'd': diff --git a/ppt/ppt.c b/ppt/ppt.c index cef23a7f..befb1953 100644 --- a/ppt/ppt.c +++ b/ppt/ppt.c @@ -1,4 +1,4 @@ -/* $NetBSD: ppt.c,v 1.5 1997/10/10 16:48:39 lukem Exp $ */ +/* $NetBSD: ppt.c,v 1.6 1999/09/12 09:02:22 jsm Exp $ */ /* * Copyright (c) 1988, 1993 @@ -43,11 +43,12 @@ __COPYRIGHT("@(#) Copyright (c) 1988, 1993\n\ #if 0 static char sccsid[] = "@(#)ppt.c 8.1 (Berkeley) 5/31/93"; #else -__RCSID("$NetBSD: ppt.c,v 1.5 1997/10/10 16:48:39 lukem Exp $"); +__RCSID("$NetBSD: ppt.c,v 1.6 1999/09/12 09:02:22 jsm Exp $"); #endif #endif /* not lint */ #include +#include int main __P((int, char *[])); static void putppt __P((int)); @@ -60,6 +61,9 @@ main(argc, argv) int c; char *p; + /* Revoke setgid privileges */ + setregid(getgid(), getgid()); + (void) puts("___________"); if (argc > 1) while ((p = *++argv) != NULL) diff --git a/quiz/quiz.c b/quiz/quiz.c index 96ede113..aec0ae78 100644 --- a/quiz/quiz.c +++ b/quiz/quiz.c @@ -1,4 +1,4 @@ -/* $NetBSD: quiz.c,v 1.14 1999/09/08 21:17:56 jsm Exp $ */ +/* $NetBSD: quiz.c,v 1.15 1999/09/12 09:02:22 jsm Exp $ */ /*- * Copyright (c) 1991, 1993 @@ -47,7 +47,7 @@ __COPYRIGHT("@(#) Copyright (c) 1991, 1993\n\ #if 0 static char sccsid[] = "@(#)quiz.c 8.3 (Berkeley) 5/4/95"; #else -__RCSID("$NetBSD: quiz.c,v 1.14 1999/09/08 21:17:56 jsm Exp $"); +__RCSID("$NetBSD: quiz.c,v 1.15 1999/09/12 09:02:22 jsm Exp $"); #endif #endif /* not lint */ @@ -88,6 +88,9 @@ main(argc, argv) int ch; const char *indexfile; + /* Revoke setgid privileges */ + setregid(getgid(), getgid()); + indexfile = _PATH_QUIZIDX; while ((ch = getopt(argc, argv, "i:t")) != -1) switch(ch) { diff --git a/robots/main.c b/robots/main.c index f2f9c97f..af8e8b7a 100644 --- a/robots/main.c +++ b/robots/main.c @@ -1,4 +1,4 @@ -/* $NetBSD: main.c,v 1.10 1999/09/08 21:45:29 jsm Exp $ */ +/* $NetBSD: main.c,v 1.11 1999/09/12 09:02:22 jsm Exp $ */ /* * Copyright (c) 1980, 1993 @@ -43,7 +43,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 1993\n\ #if 0 static char sccsid[] = "@(#)main.c 8.1 (Berkeley) 5/31/93"; #else -__RCSID("$NetBSD: main.c,v 1.10 1999/09/08 21:45:29 jsm Exp $"); +__RCSID("$NetBSD: main.c,v 1.11 1999/09/12 09:02:22 jsm Exp $"); #endif #endif /* not lint */ @@ -61,6 +61,17 @@ main(ac, av) bool show_only; extern const char *Scorefile; extern int Max_per_uid; + int score_wfd; /* high score writable file descriptor */ + int score_err = 0; /* hold errno from score file open */ + + score_wfd = open(Scorefile, O_RDWR); + if (score_wfd < 0) + score_err = errno; + else if (score_wfd < 3) + exit(1); + + /* Revoke setgid privileges */ + setregid(getgid(), getgid()); show_only = FALSE; Num_games = 1; @@ -71,9 +82,12 @@ main(ac, av) if (isdigit(av[0][0])) Max_per_uid = atoi(av[0]); else { - setuid(getuid()); - setgid(getgid()); Scorefile = av[0]; + if (score_wfd >= 0) + close(score_wfd); + score_wfd = open(Scorefile, O_RDWR); + if (score_wfd < 0) + score_err = errno; # ifdef FANCY sp = strrchr(Scorefile, '/'); if (sp == NULL) @@ -128,6 +142,13 @@ main(ac, av) /* NOTREACHED */ } + if (score_wfd < 0) { + errno = score_err; + warn("%s", Scorefile); + warnx("High scores will not be recorded!"); + sleep(2); + } + initscr(); signal(SIGINT, quit); crmode(); @@ -161,7 +182,7 @@ main(ac, av) refresh(); if (Auto_bot) sleep(1); - score(); + score(score_wfd); if (Auto_bot) sleep(1); refresh(); diff --git a/robots/robots.h b/robots/robots.h index 3fcf5c1c..eb93806a 100644 --- a/robots/robots.h +++ b/robots/robots.h @@ -1,4 +1,4 @@ -/* $NetBSD: robots.h,v 1.11 1999/09/08 21:17:57 jsm Exp $ */ +/* $NetBSD: robots.h,v 1.12 1999/09/12 09:02:22 jsm Exp $ */ /* * Copyright (c) 1980, 1993 @@ -39,6 +39,7 @@ # include # include # include +# include # include # include # include @@ -137,7 +138,7 @@ void quit __P((int)) __attribute__((__noreturn__)); void reset_count __P((void)); int rnd __P((int)); COORD *rnd_pos __P((void)); -void score __P((void)); +void score __P((int)); void set_name __P((SCORE *)); void show_score __P((void)); int sign __P((int)); diff --git a/robots/score.c b/robots/score.c index ddc8ce56..ee0b5b18 100644 --- a/robots/score.c +++ b/robots/score.c @@ -1,4 +1,4 @@ -/* $NetBSD: score.c,v 1.9 1999/09/08 21:57:20 jsm Exp $ */ +/* $NetBSD: score.c,v 1.10 1999/09/12 09:02:22 jsm Exp $ */ /* * Copyright (c) 1980, 1993 @@ -38,7 +38,7 @@ #if 0 static char sccsid[] = "@(#)score.c 8.1 (Berkeley) 5/31/93"; #else -__RCSID("$NetBSD: score.c,v 1.9 1999/09/08 21:57:20 jsm Exp $"); +__RCSID("$NetBSD: score.c,v 1.10 1999/09/12 09:02:22 jsm Exp $"); #endif #endif /* not lint */ @@ -116,18 +116,17 @@ write_score(inf) * top list. */ void -score() +score(score_wfd) + int score_wfd; { - int inf; + int inf = score_wfd; SCORE *scp; int uid; bool done_show = FALSE; Newscore = FALSE; - if ((inf = open(Scorefile, O_RDWR)) < 0) { - warn("opening `%s'", Scorefile); + if (inf < 0) return; - } read_score(inf); @@ -161,7 +160,7 @@ score() if (!Newscore) { Full_clear = FALSE; - close(inf); + lseek(inf, 0, SEEK_SET); return; } else @@ -191,7 +190,7 @@ score() if (Newscore) { write_score(inf); } - close(inf); + lseek(inf, 0, SEEK_SET); } void diff --git a/rogue/init.c b/rogue/init.c index f06ca3b4..afa5245c 100644 --- a/rogue/init.c +++ b/rogue/init.c @@ -1,4 +1,4 @@ -/* $NetBSD: init.c,v 1.9 1999/09/09 17:27:59 jsm Exp $ */ +/* $NetBSD: init.c,v 1.10 1999/09/12 09:02:23 jsm Exp $ */ /* * Copyright (c) 1988, 1993 @@ -41,7 +41,7 @@ #if 0 static char sccsid[] = "@(#)init.c 8.1 (Berkeley) 5/31/93"; #else -__RCSID("$NetBSD: init.c,v 1.9 1999/09/09 17:27:59 jsm Exp $"); +__RCSID("$NetBSD: init.c,v 1.10 1999/09/12 09:02:23 jsm Exp $"); #endif #endif /* not lint */ @@ -57,6 +57,8 @@ __RCSID("$NetBSD: init.c,v 1.9 1999/09/09 17:27:59 jsm Exp $"); * */ +#include + #include "rogue.h" char login_name[MAX_OPT_LEN]; @@ -72,6 +74,7 @@ boolean no_skull = 0; boolean passgo = 0; const char *error_file = "rogue.esave"; const char *byebye_string = "Okay, bye bye!"; +gid_t gid, egid; int init(argc, argv) @@ -80,6 +83,16 @@ init(argc, argv) { const char *pn; int seed; + int fd; + + gid = getgid(); + egid = getegid(); + setegid(gid); + /* Check for dirty tricks with closed fds 0, 1, 2 */ + fd = open("/dev/null", O_RDONLY); + if (fd < 3) + exit(1); + close(fd); seed = 0; pn = md_gln(); diff --git a/rogue/machdep.c b/rogue/machdep.c index 7e23ebf0..841f7b01 100644 --- a/rogue/machdep.c +++ b/rogue/machdep.c @@ -1,4 +1,4 @@ -/* $NetBSD: machdep.c,v 1.9 1998/11/10 13:01:32 hubertf Exp $ */ +/* $NetBSD: machdep.c,v 1.10 1999/09/12 09:02:23 jsm Exp $ */ /* * Copyright (c) 1988, 1993 @@ -41,7 +41,7 @@ #if 0 static char sccsid[] = "@(#)machdep.c 8.1 (Berkeley) 5/31/93"; #else -__RCSID("$NetBSD: machdep.c,v 1.9 1998/11/10 13:01:32 hubertf Exp $"); +__RCSID("$NetBSD: machdep.c,v 1.10 1999/09/12 09:02:23 jsm Exp $"); #endif #endif /* not lint */ @@ -471,10 +471,13 @@ md_lock(l) short tries; if (l) { + setegid(egid); if ((fd = open(_PATH_SCOREFILE, O_RDONLY)) < 1) { + setegid(gid); message("cannot lock score file", 0); return; } + setegid(gid); for (tries = 0; tries < 5; tries++) if (!flock(fd, LOCK_EX|LOCK_NB)) return; @@ -500,10 +503,6 @@ md_shell(shell) int w; if (!fork()) { - int uid; - - uid = getuid(); - setuid(uid); execl(shell, shell, 0); } wait(&w); diff --git a/rogue/rogue.h b/rogue/rogue.h index 92d49c09..0bf1e105 100644 --- a/rogue/rogue.h +++ b/rogue/rogue.h @@ -1,4 +1,4 @@ -/* $NetBSD: rogue.h,v 1.9 1999/09/08 21:45:30 jsm Exp $ */ +/* $NetBSD: rogue.h,v 1.10 1999/09/12 09:02:23 jsm Exp $ */ /* * Copyright (c) 1988, 1993 @@ -457,6 +457,8 @@ extern char *CL; */ #include #include +#include +#include object *alloc_object __P((void)); object *check_duplicate __P((object *, object *)); @@ -817,3 +819,5 @@ extern short r_rings; extern short regeneration; extern short ring_exp; extern short stealthy; +extern gid_t gid; +extern gid_t egid; diff --git a/rogue/score.c b/rogue/score.c index bc4f580f..3ef52dcd 100644 --- a/rogue/score.c +++ b/rogue/score.c @@ -1,4 +1,4 @@ -/* $NetBSD: score.c,v 1.7 1998/11/10 13:01:32 hubertf Exp $ */ +/* $NetBSD: score.c,v 1.8 1999/09/12 09:02:23 jsm Exp $ */ /* * Copyright (c) 1988, 1993 @@ -41,7 +41,7 @@ #if 0 static char sccsid[] = "@(#)score.c 8.1 (Berkeley) 5/31/93"; #else -__RCSID("$NetBSD: score.c,v 1.7 1998/11/10 13:01:32 hubertf Exp $"); +__RCSID("$NetBSD: score.c,v 1.8 1999/09/12 09:02:23 jsm Exp $"); #endif #endif /* not lint */ @@ -213,11 +213,14 @@ put_scores(monster, other) md_lock(1); + setegid(egid); if ((fp = fopen(_PATH_SCOREFILE, "r+")) == NULL && (fp = fopen(_PATH_SCOREFILE, "w+")) == NULL) { + setegid(gid); message("cannot read/write/create score file", 0); sf_error(); } + setegid(gid); rewind(fp); (void) xxx(1); diff --git a/snake/snake/snake.c b/snake/snake/snake.c index a356a02f..c3a69681 100644 --- a/snake/snake/snake.c +++ b/snake/snake/snake.c @@ -1,4 +1,4 @@ -/* $NetBSD: snake.c,v 1.12 1999/09/08 21:57:21 jsm Exp $ */ +/* $NetBSD: snake.c,v 1.13 1999/09/12 09:02:23 jsm Exp $ */ /* * Copyright (c) 1980, 1993 @@ -43,7 +43,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 1993\n\ #if 0 static char sccsid[] = "@(#)snake.c 8.2 (Berkeley) 1/7/94"; #else -__RCSID("$NetBSD: snake.c,v 1.12 1999/09/08 21:57:21 jsm Exp $"); +__RCSID("$NetBSD: snake.c,v 1.13 1999/09/12 09:02:23 jsm Exp $"); #endif #endif /* not lint */ @@ -101,6 +101,9 @@ int repeat = 1; time_t tv; char *tn; +int rawscores; +FILE *logfile; + int main __P((int, char **)); int @@ -112,6 +115,20 @@ main(argc, argv) extern int optind; int ch, i; + /* Open score files then revoke setgid privileges */ + rawscores = open(_PATH_RAWSCORES, O_RDWR|O_CREAT, 0664); + if (rawscores < 0) { + warn("open %s", _PATH_RAWSCORES); + sleep(2); + } else if (rawscores < 3) + exit(1); + logfile = fopen(_PATH_LOGFILE, "a"); + if (logfile == NULL) { + warn("fopen %s", _PATH_LOGFILE); + sleep(2); + } + setregid(getgid(), getgid()); + (void) time(&tv); srandom((int) tv); @@ -498,9 +515,8 @@ post(iscore, flag) pr("No saved scores for uid %d.\n", uid); return (1); } - if ((rawscores = open(_PATH_RAWSCORES, O_RDWR | O_CREAT, 0644)) < 0) { - pr("No score file %s: %s.\n", _PATH_RAWSCORES, - strerror(errno)); + if (rawscores < 0) { + /* Error reported earlier */ return (1); } /* Figure out what happened in the past */ @@ -532,7 +548,7 @@ post(iscore, flag) pr("You set a new record!\n"); } else pr("The highest is %s with $%d\n", p->pw_name, allbscore); - close(rawscores); + lseek(rawscores, 0, SEEK_SET); return (1); } @@ -935,13 +951,12 @@ void logit(msg) const char *msg; { - FILE *logfile; time_t t; - if ((logfile = fopen(_PATH_LOGFILE, "a")) != NULL) { + if (logfile != NULL) { time(&t); fprintf(logfile, "%s $%d %dx%d %s %s", getlogin(), cashvalue, lcnt, ccnt, msg, ctime(&t)); - fclose(logfile); + fflush(logfile); } } diff --git a/snake/snscore/snscore.c b/snake/snscore/snscore.c index e50fed75..65b6b228 100644 --- a/snake/snscore/snscore.c +++ b/snake/snscore/snscore.c @@ -1,4 +1,4 @@ -/* $NetBSD: snscore.c,v 1.10 1999/09/09 17:28:00 jsm Exp $ */ +/* $NetBSD: snscore.c,v 1.11 1999/09/12 09:02:23 jsm Exp $ */ /* * Copyright (c) 1980, 1993 @@ -43,7 +43,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 1993\n\ #if 0 static char sccsid[] = "@(#)snscore.c 8.1 (Berkeley) 7/19/93"; #else -__RCSID("$NetBSD: snscore.c,v 1.10 1999/09/09 17:28:00 jsm Exp $"); +__RCSID("$NetBSD: snscore.c,v 1.11 1999/09/12 09:02:23 jsm Exp $"); #endif #endif /* not lint */ @@ -53,6 +53,7 @@ __RCSID("$NetBSD: snscore.c,v 1.10 1999/09/09 17:28:00 jsm Exp $"); #include #include #include +#include #include "pathnames.h" const char *recfile = _PATH_RAWSCORES; @@ -77,6 +78,9 @@ main() const char *q; struct passwd *p; + /* Revoke setgid privileges */ + setregid(getgid(), getgid()); + fd = fopen(recfile, "r"); if (fd == NULL) err(1, "opening `%s'", recfile); diff --git a/tetris/scores.c b/tetris/scores.c index a93c2ef5..7f3e4115 100644 --- a/tetris/scores.c +++ b/tetris/scores.c @@ -1,4 +1,4 @@ -/* $NetBSD: scores.c,v 1.5 1999/09/08 21:18:00 jsm Exp $ */ +/* $NetBSD: scores.c,v 1.6 1999/09/12 09:02:23 jsm Exp $ */ /*- * Copyright (c) 1992, 1993 @@ -51,6 +51,7 @@ #include #include #include +#include #include #include #include @@ -96,6 +97,7 @@ getscores(fpp) FILE **fpp; { int sd, mint, lck; + mode_t mask; const char *mstr, *human; FILE *sf; @@ -110,10 +112,14 @@ getscores(fpp) human = "reading"; lck = LOCK_SH; } + setegid(egid); + mask = umask(S_IWOTH); sd = open(_PATH_SCOREFILE, mint, 0666); + (void)umask(mask); if (sd < 0) { if (fpp == NULL) { nscores = 0; + setegid(gid); return; } (void)fprintf(stderr, "tetris: cannot open %s for %s: %s\n", @@ -125,6 +131,7 @@ getscores(fpp) _PATH_SCOREFILE, human, strerror(errno)); exit(1); } + setegid(gid); /* * Grab a lock. diff --git a/tetris/tetris.c b/tetris/tetris.c index 3cf9f360..f1f096a8 100644 --- a/tetris/tetris.c +++ b/tetris/tetris.c @@ -1,4 +1,4 @@ -/* $NetBSD: tetris.c,v 1.11 1999/09/08 21:45:31 jsm Exp $ */ +/* $NetBSD: tetris.c,v 1.12 1999/09/12 09:02:24 jsm Exp $ */ /*- * Copyright (c) 1992, 1993 @@ -50,6 +50,7 @@ __COPYRIGHT("@(#) Copyright (c) 1992, 1993\n\ #include +#include #include #include #include @@ -61,6 +62,8 @@ __COPYRIGHT("@(#) Copyright (c) 1992, 1993\n\ #include "screen.h" #include "tetris.h" +gid_t gid, egid; + static void elide __P((void)); static void setup_board __P((void)); int main __P((int, char **)); @@ -121,6 +124,16 @@ main(argc, argv) register int level = 2; char key_write[6][10]; int ch, i, j; + int fd; + + gid = getgid(); + egid = getegid(); + setegid(gid); + + fd = open("/dev/null", O_RDONLY); + if (fd < 3) + exit(1); + close(fd); keys = "jkl pq"; diff --git a/tetris/tetris.h b/tetris/tetris.h index 97a28234..44a8b3b9 100644 --- a/tetris/tetris.h +++ b/tetris/tetris.h @@ -1,4 +1,4 @@ -/* $NetBSD: tetris.h,v 1.6 1999/09/08 21:18:01 jsm Exp $ */ +/* $NetBSD: tetris.h,v 1.7 1999/09/12 09:02:24 jsm Exp $ */ /*- * Copyright (c) 1992, 1993 @@ -38,6 +38,8 @@ * @(#)tetris.h 8.1 (Berkeley) 5/31/93 */ +#include + /* * Definitions for Tetris. */ @@ -166,6 +168,7 @@ long fallrate; /* less than 1 million; smaller => faster */ * still be moved or rotated). */ int score; /* the obvious thing */ +extern gid_t gid, egid; char key_msg[100]; int showpreview; diff --git a/trek/main.c b/trek/main.c index db9c85e0..5461bcce 100644 --- a/trek/main.c +++ b/trek/main.c @@ -1,4 +1,4 @@ -/* $NetBSD: main.c,v 1.6 1997/10/13 22:18:32 cjs Exp $ */ +/* $NetBSD: main.c,v 1.7 1999/09/12 09:02:24 jsm Exp $ */ /* * Copyright (c) 1980, 1993 @@ -43,7 +43,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 1993\n\ #if 0 static char sccsid[] = "@(#)main.c 8.1 (Berkeley) 5/31/93"; #else -__RCSID("$NetBSD: main.c,v 1.6 1997/10/13 22:18:32 cjs Exp $"); +__RCSID("$NetBSD: main.c,v 1.7 1999/09/12 09:02:24 jsm Exp $"); #endif #endif /* not lint */ @@ -175,6 +175,9 @@ char **argv; char **av; struct termios argp; + /* Revoke setgid privileges */ + setregid(getgid(), getgid()); + av = argv; ac = argc; av++; diff --git a/worm/worm.c b/worm/worm.c index 47e242c3..588ce96b 100644 --- a/worm/worm.c +++ b/worm/worm.c @@ -1,4 +1,4 @@ -/* $NetBSD: worm.c,v 1.15 1999/09/09 17:28:00 jsm Exp $ */ +/* $NetBSD: worm.c,v 1.16 1999/09/12 09:02:24 jsm Exp $ */ /* * Copyright (c) 1980, 1993 @@ -43,7 +43,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 1993\n\ #if 0 static char sccsid[] = "@(#)worm.c 8.1 (Berkeley) 5/31/93"; #else -__RCSID("$NetBSD: worm.c,v 1.15 1999/09/09 17:28:00 jsm Exp $"); +__RCSID("$NetBSD: worm.c,v 1.16 1999/09/12 09:02:24 jsm Exp $"); #endif #endif /* not lint */ @@ -102,6 +102,9 @@ main(argc, argv) { char ch; + /* Revoke setgid privileges */ + setregid(getgid(), getgid()); + if (argc == 2) start_len = atoi(argv[1]); if ((start_len <= 0) || (start_len > 500)) diff --git a/wump/wump.c b/wump/wump.c index 93fc6c5f..c1918920 100644 --- a/wump/wump.c +++ b/wump/wump.c @@ -1,4 +1,4 @@ -/* $NetBSD: wump.c,v 1.11 1999/09/10 10:47:56 kleink Exp $ */ +/* $NetBSD: wump.c,v 1.12 1999/09/12 09:02:24 jsm Exp $ */ /* * Copyright (c) 1989, 1993 @@ -47,7 +47,7 @@ __COPYRIGHT("@(#) Copyright (c) 1989, 1993\n\ #if 0 static char sccsid[] = "@(#)wump.c 8.1 (Berkeley) 5/31/93"; #else -__RCSID("$NetBSD: wump.c,v 1.11 1999/09/10 10:47:56 kleink Exp $"); +__RCSID("$NetBSD: wump.c,v 1.12 1999/09/12 09:02:24 jsm Exp $"); #endif #endif /* not lint */ @@ -147,6 +147,9 @@ main(argc, argv) { int c; + /* Revoke setgid privileges */ + setregid(getgid(), getgid()); + #ifdef DEBUG while ((c = getopt(argc, argv, "a:b:hp:r:t:d")) != -1) #else -- cgit v1.2.3-56-ge451