From 2f593094f0c4f828fd81a3b052ee426135135694 Mon Sep 17 00:00:00 2001
From: jsm
Date: Sun, 12 Sep 1999 09:02:20 +0000
Subject: Security improvements for games (largely from or inspired by OpenBSD). Games which run setgid from dm, but don't need to, should drop their privileges at startup. Games which have a scorefile should open it at startup, then drop all privileges leaving just the open writable file descriptor. If the game can invoke subprocesses, this should be made close-on-exec. Games with scorefiles should make sure they do not get a file descriptor < 3. (Otherwise, they could get confused and corrupt the scorefile when using stdin, stdout or stderr.) Some old setuid revokes from the days of setuid games change into gid revokes.
---
 cribbage/crib.c | 31 ++++++++++++++++++++++++++-----
 1 file changed, 26 insertions(+), 5 deletions(-)
(limited to 'cribbage/crib.c')
diff --git a/cribbage/crib.c b/cribbage/crib.c
index 83a9e422..7cf7647a 100644
--- a/cribbage/crib.c
+++ b/cribbage/crib.c
@@ -1,4 +1,4 @@
-/* $NetBSD: crib.c,v 1.11 1999/09/08 21:17:47 jsm Exp $ */
+/* $NetBSD: crib.c,v 1.12 1999/09/12 09:02:21 jsm Exp $ */
 /*-
 * Copyright (c) 1980, 1993
@@ -43,12 +43,13 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 1993\n\
 #if 0
 static char sccsid[] = "@(#)crib.c 8.1 (Berkeley) 5/31/93";
 #else
-__RCSID("$NetBSD: crib.c,v 1.11 1999/09/08 21:17:47 jsm Exp $");
+__RCSID("$NetBSD: crib.c,v 1.12 1999/09/12 09:02:21 jsm Exp $");
 #endif
 #endif /* not lint */
 #include
 #include
+#include
 #include
 #include
 #include
@@ -69,6 +70,28 @@ main(argc, argv)
 BOOLEAN playing;
 FILE *f;
 int ch;
+ int fd;
+ int flags;
+
+ f = fopen(_PATH_LOG, "a");
+ if (f == NULL)
+ warn("fopen %s", _PATH_LOG);
+ if (f != NULL && fileno(f) < 3)
+ exit(1);
+
+ /* Revoke setgid privileges */
+ setregid(getgid(), getgid());
+
+ /* Set close-on-exec flag on log file */
+ if (f != NULL) {
+ fd = fileno(f);
+ flags = fcntl(fd, F_GETFD);
+ if (flags < 0)
+ err(1, "fcntl F_GETFD");
+ flags |= FD_CLOEXEC;
+ if (fcntl(fd, F_SETFD, flags) == -1)
+ err(1, "fcntl F_SETFD");
+ }
 while ((ch = getopt(argc, argv, "eqr")) != -1)
 switch (ch) {
@@ -129,14 +152,12 @@ main(argc, argv)
 playing = (getuchar() == 'Y');
 } while (playing);
- if ((f = fopen(_PATH_LOG, "a")) != NULL) {
+ if (f != NULL) {
 (void)fprintf(f, "%s: won %5.5d, lost %5.5d\n", getlogin(), cgames, pgames);
 (void) fclose(f);
 }
 bye();
- if (!f)
- errx(1, "can't open %s", _PATH_LOG);
 exit(0);
 }
--
cgit v1.2.3-56-ge451
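Review bot: The `setregid(getgid(), getgid());` call added at the top of main() discards its return value, so if the drop fails the game keeps running with the setgid group still effective and nothing reports it. Since the purpose of this hunk is to shed that privilege before any user input is handled, the call should fail closed, e.g. `if (setregid(getgid(), getgid()) == -1) err(1, "setregid");`. The `fileno(f) < 3` branch also leaves through a bare `exit(1)`; an `errx(1, ...)` with a short message there would tell an administrator why the game refused to start. main() begins and ends outside this hunk.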
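Review bot: `getlogin()` in the score-log `fprintf` can return NULL when no login name is available for the process, and passing NULL for `%s` is undefined behaviour; the hunk keeps that call as it was. A guard before the write would avoid it, for example `const char *name = getlogin();` followed by `if (name == NULL) name = "unknown";` and passing `name` to `fprintf`. The results of `fprintf` and `fclose` are cast to void, so a failed append to the log held open since startup is never reported; a `warn()` on failure would match the new handling of the `fopen` error. main() starts outside this hunk.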