From 2f593094f0c4f828fd81a3b052ee426135135694 Mon Sep 17 00:00:00 2001
From: jsm
Date: Sun, 12 Sep 1999 09:02:20 +0000
Subject: Security improvements for games (largely from or inspired by OpenBSD).

Games which run setgid from dm, but don't need to, should drop their privileges at startup. Games which have a scorefile should open it at startup, then drop all privileges leaving just the open writable file descriptor. If the game can invoke subprocesses, this should be made close-on-exec. Games with scorefiles should make sure they do not get a file descriptor < 3. (Otherwise, they could get confused and corrupt the scorefile when using stdin, stdout or stderr.) Some old setuid revokes from the days of setuid games change into gid revokes.
---
 rogue/machdep.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
 (limited to 'rogue/machdep.c')

diff --git a/rogue/machdep.c b/rogue/machdep.c
index 7e23ebf0..841f7b01 100644
--- a/rogue/machdep.c
+++ b/rogue/machdep.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: machdep.c,v 1.9 1998/11/10 13:01:32 hubertf Exp $	*/
+/*	$NetBSD: machdep.c,v 1.10 1999/09/12 09:02:23 jsm Exp $	*/
 
 /*
  * Copyright (c) 1988, 1993
@@ -41,7 +41,7 @@
 #if 0
 static char sccsid[] = "@(#)machdep.c 8.1 (Berkeley) 5/31/93";
 #else
-__RCSID("$NetBSD: machdep.c,v 1.9 1998/11/10 13:01:32 hubertf Exp $");
+__RCSID("$NetBSD: machdep.c,v 1.10 1999/09/12 09:02:23 jsm Exp $");
 #endif
 #endif /* not lint */
 
@@ -471,10 +471,13 @@ md_lock(l)
 	short tries;
 
 	if (l) {
+		setegid(egid);
 		if ((fd = open(_PATH_SCOREFILE, O_RDONLY)) < 1) {
+			setegid(gid);
 			message("cannot lock score file", 0);
 			return;
 		}
+		setegid(gid);
 		for (tries = 0; tries < 5; tries++)
 			if (!flock(fd, LOCK_EX|LOCK_NB))
 				return;
@@ -500,10 +503,6 @@ md_shell(shell)
 	int w;
 
 	if (!fork()) {
-		int uid;
-
-		uid = getuid();
-		setuid(uid);
 		execl(shell, shell, 0);
 	}
 	wait(&w);
-- 
cgit v1.2.3
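Review bot: The three added `setegid()` calls in md_lock ignore their return value, so if the drop back to `gid` fails the game silently keeps running with the privileged group; at minimum the two `setegid(gid);` lines should be `if (setegid(gid) < 0) message("cannot drop group privileges", 0);` or an equivalent hard failure. The commit description also says scorefile descriptors should be close-on-exec and never below 3, yet the descriptor opened here is only rejected by `< 1` (so 1 or 2 are accepted) and is never marked, which matters because md_shell in this same file forks and execs; `fcntl(fd, F_SETFD, FD_CLOEXEC);` right after the successful open would cover the first part unless it is done elsewhere. `egid` and `gid` are presumably file-scope globals set at startup, but their definitions are outside this hunk, as are the beginning and end of md_lock.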
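Review bot: The child in md_shell now execs without revoking anything, whereas the commit description says the old setuid revokes become gid revokes; unless the effective gid has already been dropped permanently before this point (not visible here, and md_lock in this same patch still toggles it), the spawned shell inherits whatever group the caller holds. A one-line `setgid(getgid());` before `execl(shell, shell, 0);` makes the child's privilege state independent of the caller's, which is cheap defence in depth. Separately, `if (!fork())` treats a failed fork (-1) as the parent path and then calls `wait(&w)` for a child that was never created; this is pre-existing, but a `pid_t pid = fork();` with an explicit `pid < 0` branch would fix it while the lines are being touched. md_shell's head and tail lie outside the hunk.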