Subject: bin/3246: [dM] larn can't write its logfile
To: None <gnats-bugs@gnats.netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: netbsd-bugs
Date: 02/22/1997 18:30:17
>Number: 3246
>Category: bin
>Synopsis: [dM] larn can't write its logfile
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bin-bug-people (Utility Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Feb 22 15:35:01 1997
>Last-Modified:
>Originator: der Mouse
>Organization:
Dis-
>Release: 1.2_BETA
>Environment:
Any; observed under NetBSD/1.2_BETA on Sun-3/260.
>Description:
larn tries to be prepared to be run setuid games, and juggles its
euid with this in mind. But a little of the juggling wasn't
done with enough care, and as a result larn is unable to record
scores (for either failed or successful games). (Exception: if
it's run as root, it can do it 'cause it's got root powers in
spite of having euid!=0.)
>How-To-Repeat:
Play larn as a non-superuser. Die. Watch the message; in a
test I just now did, I saw
Score: 60, Diff: 0, mouse killed by a jackal on 1
error creating file </var/games/larn/llog12.0>
Can't open record file: I can't post your score.
>Fix:
This cures the symptom for me. I _think_ it introduces no
additional insecurity.
--- OLD/games/larn/scores.c Thu Jan 1 00:00:00 1970
+++ NEW/games/larn/scores.c Thu Jan 1 00:00:00 1970
@@ -516,18 +516,19 @@
if ((wizard == 0) && (c[GOLD] > 0)) /* wizards can't score */
{
#ifndef NOLOG
+ seteuid(euid);
if (lappend(logfile)<0) /* append to file */
{
if (lcreat(logfile)<0) /* and can't create new log file */
{
+ seteuid(uid);
lcreat((char*)0);
lprcat("\nCan't open record file: I can't post your score.\n");
sncbr(); resetscroll(); lflush(); exit();
}
- seteuid(euid);
chmod(logfile,0660);
- seteuid(uid);
}
+ seteuid(uid);
strcpy(logg.who,loginname);
logg.score = c[GOLD]; logg.diff = c[HARDGAME];
if (x < 256)
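Review bot: The added seteuid(euid) and both added seteuid(uid) calls ignore their return values; if the seteuid(uid) placed after the open block fails, execution continues into strcpy(logg.who,loginname) and the rest of the scoring code with the privileged euid still in effect. Check each call and take the same bail-out path as the "Can't open record file" case when one fails. The reordering itself covers what the report describes: lappend() and lcreat() now run inside the elevated window, and the error path drops back to uid before lcreat((char*)0). One smaller point in the same lines: chmod(logfile,0660) works on the path, so it resolves the name a second time while privileged; setting the mode on the file that lcreat() just created, rather than by name, would close that gap.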
@@ -669,4 +670,3 @@
return(high);
}
#endif UIDSCORE
-
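Review bot: The removal of the trailing blank line after #endif UIDSCORE is unrelated to the euid fix; drop this hunk so the patch carries only the privilege change. If that line is touched anyway, the bare token after #endif is better written as a comment, /* UIDSCORE */.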
der Mouse
mouse@rodents.montreal.qc.ca
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
>Audit-Trail:
>Unformatted:
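The euid bracketing this report is about, as an added example (not code from larn or from the report): raise to the privileged euid only around the log open, check every seteuid() result, and drop back on all paths. open_score_log() and its parameters are hypothetical names, and the demo in main() uses the current euid for both ids so it runs without a setuid bit.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* open_score_log() is a hypothetical helper, not a larn function.
 * priv_euid: the euid the setuid binary started with (e.g. games).
 * real_uid:  the player's uid, used for everything except the log open.
 * Returns an append-mode descriptor, or -1 with errno set. */
int open_score_log(const char *path, uid_t priv_euid, uid_t real_uid)
{
    int fd, saved;

    if (seteuid(priv_euid) < 0)          /* raise privilege for the open only */
        return -1;

    fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0660);
    saved = errno;
    if (fd >= 0 && fchmod(fd, 0660) < 0) {   /* mode set on the fd, not the path */
        saved = errno;
        close(fd);
        fd = -1;
    }

    /* Drop privilege on success and failure alike; never continue elevated. */
    if (seteuid(real_uid) < 0 || geteuid() != real_uid)
        abort();

    errno = saved;                       /* report the open/fchmod error, if any */
    return fd;
}

int main(void)
{
    /* Constructed demo: both ids are the current euid. */
    uid_t me = geteuid();
    int fd = open_score_log("llog-example.0", me, me);
    if (fd < 0) { perror("open_score_log"); return 1; }
    if (write(fd, "demo score line\n", 16) != 16) { close(fd); return 1; }
    close(fd);
    return 0;
}
```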