From 2f593094f0c4f828fd81a3b052ee426135135694 Mon Sep 17 00:00:00 2001
From: jsm
Date: Sun, 12 Sep 1999 09:02:20 +0000
Subject: Security improvements for games (largely from or inspired by OpenBSD). Games which run setgid from dm, but don't need to, should drop their privileges at startup. Games which have a scorefile should open it at startup, then drop all privileges leaving just the open writable file descriptor. If the game can invoke subprocesses, this should be made close-on-exec. Games with scorefiles should make sure they do not get a file descriptor < 3. (Otherwise, they could get confused and corrupt the scorefile when using stdin, stdout or stderr.) Some old setuid revokes from the days of setuid games change into gid revokes.
---
 rogue/rogue.h | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'rogue/rogue.h')
diff --git a/rogue/rogue.h b/rogue/rogue.h
index 92d49c09..0bf1e105 100644
--- a/rogue/rogue.h
+++ b/rogue/rogue.h
@@ -1,4 +1,4 @@
-/* $NetBSD: rogue.h,v 1.9 1999/09/08 21:45:30 jsm Exp $ */
+/* $NetBSD: rogue.h,v 1.10 1999/09/12 09:02:23 jsm Exp $ */
 /*
 * Copyright (c) 1988, 1993
@@ -457,6 +457,8 @@ extern char *CL;
 */
 #include
 #include
+#include
+#include
 object *alloc_object __P((void));
 object *check_duplicate __P((object *, object *));
@@ -817,3 +819,5 @@ extern short r_rings;
 extern short regeneration;
 extern short ring_exp;
 extern short stealthy;
+extern gid_t gid;
+extern gid_t egid;
--
cgit v1.2.3-56-ge451
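Review bot: The two globals added at the end of rogue.h, `extern gid_t gid;` and `extern gid_t egid;`, have no comment and very generic names for identifiers with external linkage; their definitions and every use are outside this hunk. Keeping the effective gid in a global suggests rogue switches group IDs around scorefile access rather than opening the scorefile once and dropping the privilege permanently, which is what the commit message recommends; if so, the setgid group remains regainable by any memory-corruption bug for the life of the process, and that trade-off deserves a sentence here. I would add above the declarations something like `/* real gid and saved setgid egid, set at startup; egid is re-assumed only around scorefile access (confirm) */`. The header names on the two `#include` lines added in the second hunk are missing from this page, so whether `gid_t` is declared before these externs cannot be checked from here.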