From 2f593094f0c4f828fd81a3b052ee426135135694 Mon Sep 17 00:00:00 2001
From: jsm
Date: Sun, 12 Sep 1999 09:02:20 +0000
Subject: Security improvements for games (largely from or inspired by OpenBSD). Games which run setgid from dm, but don't need to, should drop their privileges at startup. Games which have a scorefile should open it at startup, then drop all privileges leaving just the open writable file descriptor. If the game can invoke subprocesses, this should be made close-on-exec. Games with scorefiles should make sure they do not get a file descriptor < 3. (Otherwise, they could get confused and corrupt the scorefile when using stdin, stdout or stderr.) Some old setuid revokes from the days of setuid games change into gid revokes.
---
snake/snscore/snscore.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
(limited to 'snake/snscore')
diff --git a/snake/snscore/snscore.c b/snake/snscore/snscore.c
index e50fed75..65b6b228 100644
--- a/snake/snscore/snscore.c
+++ b/snake/snscore/snscore.c
@@ -1,4 +1,4 @@ -/* $NetBSD: snscore.c,v 1.10 1999/09/09 17:28:00 jsm Exp $ */ +/* $NetBSD: snscore.c,v 1.11 1999/09/12 09:02:23 jsm Exp $ */ /* * Copyright (c) 1980, 1993
@@ -43,7 +43,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 1993\n\ #if 0 static char sccsid[] = "@(#)snscore.c 8.1 (Berkeley) 7/19/93"; #else -__RCSID("$NetBSD: snscore.c,v 1.10 1999/09/09 17:28:00 jsm Exp $"); +__RCSID("$NetBSD: snscore.c,v 1.11 1999/09/12 09:02:23 jsm Exp $"); #endif #endif /* not lint */
@@ -53,6 +53,7 @@ __RCSID("$NetBSD: snscore.c,v 1.10 1999/09/09 17:28:00 jsm Exp $"); #include #include #include +#include #include "pathnames.h" const char *recfile = _PATH_RAWSCORES;
@@ -77,6 +78,9 @@ main() const char *q; struct passwd *p; + /* Revoke setgid privileges */ + setregid(getgid(), getgid()); + fd = fopen(recfile, "r"); if (fd == NULL) err(1, "opening `%s'", recfile);
--
cgit v1.2.3-56-ge451
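Review bot: The result of `setregid(getgid(), getgid())` in the `main()` hunk of snscore.c is discarded, so a failed drop goes unnoticed and the program continues to `fopen(recfile, "r")` with the setgid group still effective. `err()` is already used a few lines below, so the call can fail closed: `if (setregid(getgid(), getgid()) == -1) err(1, "setregid");`. Because the drop now precedes the open, reading `_PATH_RAWSCORES` relies on the file being readable by the invoking user; extending the comment to `/* Revoke setgid privileges; the score file is only read here */` would record that assumption. Whether this call also resets the saved set-group-ID depends on the platform's setregid semantics, which the hunk does not show, so that is worth confirming on the target system. main() begins before and continues past the hunk.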