Subject: bin/5970: [PATCH] Security of NetBSD games 2
To: None <gnats-bugs@gnats.netbsd.org>
From: Joseph Myers <jsm@octomino.demon.co.uk>
List: netbsd-bugs
Date: 08/14/1998 17:26:16
>Number:         5970
>Category:       bin
>Synopsis:       [PATCH] Security of NetBSD games 2
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Aug 14 10:35:01 1998
>Last-Modified:
>Originator:     Joseph Samuel Myers
>Organization:
Trinity College, University of Cambridge, UK
>Release:        NetBSD-current of 1998-07-27
>Environment:
	
[
System: Linux octomino 2.0.35 #1 Wed Aug 12 15:54:21 UTC 1998 i586 unknown
Architecture: i586
]
>Description:

This patch fixes the security issues described in PR bin/5945 for more
games: battlestar, bcd, boggle, caesar.  As with the previous patch it
is derived from OpenBSD.  This patch can be applied independently of
the previous patch.

>How-To-Repeat:

>Fix:

diff -ruN netbsd/battlestar/battlestar.c netbsd+security/battlestar/battlestar.c
--- netbsd/battlestar/battlestar.c	Sat Oct 11 11:50:04 1997
+++ netbsd+security/battlestar/battlestar.c	Thu Aug 13 13:26:05 1998
@@ -66,6 +66,9 @@
 	char    mainbuf[LINELENGTH];
 	char   *next;
 
+	/* Open the score file then revoke setgid privileges */
+	open_score_file();
+	setregid(getgid(), getgid());
 	initialize(argc < 2 || strcmp(argv[1], "-r"));
 start:
 	news();
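Review bot: The `setregid(getgid(), getgid());` call added after `open_score_file()` ignores its return value, so if the call fails the game carries on with the setgid group still effective. Checking the result and exiting would close that gap, for example `if (setregid(getgid(), getgid()) == -1) err(1, "setregid");` (assuming `<err.h>` is available in this file, as `warn()` already is in com6.c). The same unchecked call is added in bcd/bcd.c, boggle/boggle/bog.c and caesar/caesar.c. The enclosing function starts and ends outside this hunk.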
diff -ruN netbsd/battlestar/com6.c netbsd+security/battlestar/com6.c
--- netbsd/battlestar/com6.c	Tue Oct 14 11:09:14 1997
+++ netbsd+security/battlestar/com6.c	Thu Aug 13 13:28:55 1998
@@ -105,11 +105,20 @@
 	exit(0);
 }
 
+static FILE *score_fp;
+
+void
+open_score_file()
+{
+	score_fp = fopen(_PATH_SCORE, "a");
+	if (score_fp == NULL)
+		warn("open %s for append", _PATH_SCORE);
+}
+
 void
 post(ch)
 	char    ch;
 {
-	FILE   *fp;
 	struct timeval tv;
 	time_t tvsec;
 	char   *date;
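Review bot: `score_fp` is opened while the setgid group is still effective and then stays open for the rest of the process, and nothing in `open_score_file()` marks the descriptor close-on-exec, so any child the game spawned later would inherit a writable handle on the score file. Whether battlestar ever execs anything is not visible from this hunk, but adding `fcntl(fileno(score_fp), F_SETFD, FD_CLOEXEC);` after a successful `fopen` would make this safe regardless. A short comment on the declaration would also help, such as `/* opened by open_score_file() before setgid is dropped; NULL if the open failed */`. The body of `post()` continues outside this hunk.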
@@ -122,17 +131,16 @@
 	tvsec = (time_t) tv.tv_sec;
 	date = ctime(&tvsec);
 	date[24] = '\0';
-	if ((fp = fopen(_PATH_SCORE, "a")) != NULL) {
-		fprintf(fp, "%s  %8s  %c%20s", date, uname, ch, rate());
+	if (score_fp != NULL) {
+		fprintf(score_fp, "%s  %8s  %c%20s", date, uname, ch, rate());
 		if (wiz)
-			fprintf(fp, "   wizard\n");
+			fprintf(score_fp, "   wizard\n");
 		else
 			if (tempwiz)
-				fprintf(fp, "   WIZARD!\n");
+				fprintf(score_fp, "   WIZARD!\n");
 			else
-				fprintf(fp, "\n");
-	} else
-		warn("fopen %s", _PATH_SCORE);
+				fprintf(score_fp, "\n");
+	}
 	sigprocmask(SIG_SETMASK, &osigset, (sigset_t *) 0);
 }
 
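Review bot: The score entry written through `score_fp` is never flushed or checked in the visible lines, and because the stream is no longer opened and closed around the write, the record sits in the stdio buffer until the process exits normally. A fatal signal delivered after `sigprocmask` restores the old mask would lose the entry. Adding `fflush(score_fp);` just before the `sigprocmask(SIG_SETMASK, ...)` call, while signals are still blocked, would put the record on disk at the point `post()` intends; its return value could be reported with `warn("write %s", _PATH_SCORE);`. The start of `post()` is in the previous hunk.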
diff -ruN netbsd/battlestar/extern.h netbsd+security/battlestar/extern.h
--- netbsd/battlestar/extern.h	Sun Mar 29 12:13:46 1998
+++ netbsd+security/battlestar/extern.h	Thu Aug 13 13:26:26 1998
@@ -340,6 +340,7 @@
 void news __P((void));
 void newway __P((int));
 void notarget __P((void));
+void open_score_file __P((void));
 void parse __P((void));
 void post __P((char));
 void printobjs __P((void));
diff -ruN netbsd/bcd/bcd.c netbsd+security/bcd/bcd.c
--- netbsd/bcd/bcd.c	Fri Oct 10 11:22:48 1997
+++ netbsd+security/bcd/bcd.c	Thu Aug 13 13:30:14 1998
@@ -85,6 +85,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <ctype.h>
+#include <unistd.h>
 
 u_short holes[256] = {
     0x0,	 0x0,	  0x0,	   0x0,	    0x0,     0x0,     0x0,     0x0,
@@ -135,6 +136,9 @@
 	char **argv;
 {
 	char cardline[80];
+
+	/* revoke setgid privileges */
+	setregid(getgid(), getgid());
 
 	/*
 	 * The original bcd prompts with a "%" when reading from stdin,
diff -ruN netbsd/boggle/boggle/bog.c netbsd+security/boggle/boggle/bog.c
--- netbsd/boggle/boggle/bog.c	Sat Oct 11 11:50:39 1997
+++ netbsd+security/boggle/boggle/bog.c	Thu Aug 13 13:30:52 1998
@@ -132,6 +132,9 @@
 	int ch, done, i, selfuse, sflag;
 	char *bspec, *p;
 
+	/* revoke setgid privileges */
+	setregid(getgid(), getgid());
+
 	seed = 0;
 	batch = debug = reuse = selfuse = sflag = 0;
 	bspec = NULL;
diff -ruN netbsd/caesar/caesar.c netbsd+security/caesar/caesar.c
--- netbsd/caesar/caesar.c	Sat Oct 11 11:50:55 1997
+++ netbsd+security/caesar/caesar.c	Thu Aug 13 13:31:29 1998
@@ -92,6 +92,9 @@
 	char *inbuf;
 	int obs[26], try, winner;
 
+	/* revoke setgid privileges */
+	setregid(getgid(), getgid());
+
 	winnerdot = 0;
 	if (argc > 1)
 		printit(argv[1]);
>Audit-Trail:
>Unformatted: