From 2f593094f0c4f828fd81a3b052ee426135135694 Mon Sep 17 00:00:00 2001
From: jsm
Date: Sun, 12 Sep 1999 09:02:20 +0000
Subject: Security improvements for games (largely from or inspired by OpenBSD). Games which run setgid from dm, but don't need to, should drop their privileges at startup. Games which have a scorefile should open it at startup, then drop all privileges leaving just the open writable file descriptor. If the game can invoke subprocesses, this should be made close-on-exec. Games with scorefiles should make sure they do not get a file descriptor < 3. (Otherwise, they could get confused and corrupt the scorefile when using stdin, stdout or stderr.) Some old setuid revokes from the days of setuid games change into gid revokes.
---
 tetris/tetris.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
(limited to 'tetris/tetris.c')
diff --git a/tetris/tetris.c b/tetris/tetris.c
index 3cf9f360..f1f096a8 100644
--- a/tetris/tetris.c
+++ b/tetris/tetris.c
@@ -1,4 +1,4 @@
-/* $NetBSD: tetris.c,v 1.11 1999/09/08 21:45:31 jsm Exp $ */
+/* $NetBSD: tetris.c,v 1.12 1999/09/12 09:02:24 jsm Exp $ */
 /*-
 * Copyright (c) 1992, 1993
@@ -50,6 +50,7 @@ __COPYRIGHT("@(#) Copyright (c) 1992, 1993\n\
 #include
+#include
 #include
 #include
 #include
@@ -61,6 +62,8 @@ __COPYRIGHT("@(#) Copyright (c) 1992, 1993\n\
 #include "screen.h"
 #include "tetris.h"
+gid_t gid, egid;
+
 static void elide __P((void));
 static void setup_board __P((void));
 int main __P((int, char **));
@@ -121,6 +124,16 @@ main(argc, argv)
 register int level = 2;
 char key_write[6][10];
 int ch, i, j;
+ int fd;
+
+ gid = getgid();
+ egid = getegid();
+ setegid(gid);
+
+ fd = open("/dev/null", O_RDONLY);
+ if (fd < 3)
+ exit(1);
+ close(fd);
 keys = "jkl pq";
-- cgit v1.2.3
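Review bot: In the `main()` hunk the return value of `setegid(gid)` is ignored, so a failed call leaves the game running with its setgid effective group while everything after it assumes the privilege is gone; fail closed the same way the descriptor check does, `if (setegid(gid) == -1) exit(1);`. This is also only a temporary drop: the saved set-group-ID is untouched and `egid` is kept in a new global, presumably so the score code can switch back later (not visible in this diff), which is weaker than the open-the-scorefile-then-drop-everything scheme the commit message describes. The `/dev/null` probe deserves a comment, e.g. `/* refuse to start with fd 0-2 closed, so the score file can never be opened on stdin/stdout/stderr */`, since `exit(1)` is silent. main()'s body starts and ends outside the hunk.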