Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/games Security improvements for games (largely from or inspi...
details: https://anonhg.NetBSD.org/src/rev/3b644252d7ad
branches: trunk
changeset: 476284:3b644252d7ad
user: jsm <jsm%NetBSD.org@localhost>
date: Sun Sep 12 09:02:20 1999 +0000
description:
Security improvements for games (largely from or inspired by OpenBSD).
Games which run setgid from dm, but don't need to, should drop their
privileges at startup.
Games which have a scorefile should open it at startup, then drop all
privileges leaving just the open writable file descriptor. If the
game can invoke subprocesses, this should be made close-on-exec.
Games with scorefiles should make sure they do not get a file
descriptor < 3. (Otherwise, they could get confused and corrupt the
scorefile when using stdin, stdout or stderr.)
Some old setuid revokes from the days of setuid games change into gid
revokes.
diffstat:
games/canfield/canfield/canfield.c | 10 ++++++++--
games/canfield/cfscores/cfscores.c | 7 +++++--
games/cribbage/crib.c | 31 ++++++++++++++++++++++++++-----
games/fish/fish.c | 7 ++++---
games/gomoku/main.c | 7 +++++--
games/hangman/main.c | 7 +++++--
games/mille/mille.c | 8 ++++----
games/monop/monop.c | 7 +++++--
games/morse/morse.c | 7 +++++--
games/ppt/ppt.c | 8 ++++++--
games/quiz/quiz.c | 7 +++++--
games/robots/main.c | 31 ++++++++++++++++++++++++++-----
games/robots/robots.h | 5 +++--
games/robots/score.c | 17 ++++++++---------
games/rogue/init.c | 17 +++++++++++++++--
games/rogue/machdep.c | 11 +++++------
games/rogue/rogue.h | 6 +++++-
games/rogue/score.c | 7 +++++--
games/snake/snake/snake.c | 33 ++++++++++++++++++++++++---------
games/snake/snscore/snscore.c | 8 ++++++--
games/tetris/scores.c | 9 ++++++++-
games/tetris/tetris.c | 15 ++++++++++++++-
games/tetris/tetris.h | 5 ++++-
games/trek/main.c | 7 +++++--
games/worm/worm.c | 7 +++++--
games/wump/wump.c | 7 +++++--
26 files changed, 216 insertions(+), 75 deletions(-)
diffs (truncated from 994 to 300 lines):
diff -r 3d464b4983be -r 3b644252d7ad games/canfield/canfield/canfield.c
--- a/games/canfield/canfield/canfield.c Sun Sep 12 08:23:42 1999 +0000
+++ b/games/canfield/canfield/canfield.c Sun Sep 12 09:02:20 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: canfield.c,v 1.14 1999/09/09 17:30:19 jsm Exp $ */
+/* $NetBSD: canfield.c,v 1.15 1999/09/12 09:02:20 jsm Exp $ */
/*
* Copyright (c) 1980, 1993
@@ -43,7 +43,7 @@
#if 0
static char sccsid[] = "@(#)canfield.c 8.1 (Berkeley) 5/31/93";
#else
-__RCSID("$NetBSD: canfield.c,v 1.14 1999/09/09 17:30:19 jsm Exp $");
+__RCSID("$NetBSD: canfield.c,v 1.15 1999/09/12 09:02:20 jsm Exp $");
#endif
#endif /* not lint */
@@ -1683,8 +1683,14 @@
if (uid < 0)
uid = 0;
dbfd = open(_PATH_SCORE, O_RDWR);
+
+ /* Revoke setgid privileges */
+ setregid(getgid(), getgid());
+
if (dbfd < 0)
return;
+ if (dbfd < 3)
+ exit(1);
i = lseek(dbfd, uid * sizeof(struct betinfo), SEEK_SET);
if (i < 0) {
close(dbfd);
diff -r 3d464b4983be -r 3b644252d7ad games/canfield/cfscores/cfscores.c
--- a/games/canfield/cfscores/cfscores.c Sun Sep 12 08:23:42 1999 +0000
+++ b/games/canfield/cfscores/cfscores.c Sun Sep 12 09:02:20 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: cfscores.c,v 1.7 1999/09/08 21:17:46 jsm Exp $ */
+/* $NetBSD: cfscores.c,v 1.8 1999/09/12 09:02:20 jsm Exp $ */
/*
* Copyright (c) 1983, 1993
@@ -43,7 +43,7 @@
#if 0
static char sccsid[] = "@(#)cfscores.c 8.1 (Berkeley) 5/31/93";
#else
-__RCSID("$NetBSD: cfscores.c,v 1.7 1999/09/08 21:17:46 jsm Exp $");
+__RCSID("$NetBSD: cfscores.c,v 1.8 1999/09/12 09:02:20 jsm Exp $");
#endif
#endif /* not lint */
@@ -79,6 +79,9 @@
struct passwd *pw;
int uid;
+ /* Revoke setgid privileges */
+ setregid(getgid(), getgid());
+
if (argc > 2) {
printf("Usage: cfscores [user]\n");
exit(1);
diff -r 3d464b4983be -r 3b644252d7ad games/cribbage/crib.c
--- a/games/cribbage/crib.c Sun Sep 12 08:23:42 1999 +0000
+++ b/games/cribbage/crib.c Sun Sep 12 09:02:20 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: crib.c,v 1.11 1999/09/08 21:17:47 jsm Exp $ */
+/* $NetBSD: crib.c,v 1.12 1999/09/12 09:02:21 jsm Exp $ */
/*-
* Copyright (c) 1980, 1993
@@ -43,12 +43,13 @@
#if 0
static char sccsid[] = "@(#)crib.c 8.1 (Berkeley) 5/31/93";
#else
-__RCSID("$NetBSD: crib.c,v 1.11 1999/09/08 21:17:47 jsm Exp $");
+__RCSID("$NetBSD: crib.c,v 1.12 1999/09/12 09:02:21 jsm Exp $");
#endif
#endif /* not lint */
#include <curses.h>
#include <err.h>
+#include <fcntl.h>
#include <signal.h>
#include <stdlib.h>
#include <string.h>
@@ -69,6 +70,28 @@
BOOLEAN playing;
FILE *f;
int ch;
+ int fd;
+ int flags;
+
+ f = fopen(_PATH_LOG, "a");
+ if (f == NULL)
+ warn("fopen %s", _PATH_LOG);
+ if (f != NULL && fileno(f) < 3)
+ exit(1);
+
+ /* Revoke setgid privileges */
+ setregid(getgid(), getgid());
+
+ /* Set close-on-exec flag on log file */
+ if (f != NULL) {
+ fd = fileno(f);
+ flags = fcntl(fd, F_GETFD);
+ if (flags < 0)
+ err(1, "fcntl F_GETFD");
+ flags |= FD_CLOEXEC;
+ if (fcntl(fd, F_SETFD, flags) == -1)
+ err(1, "fcntl F_SETFD");
+ }
while ((ch = getopt(argc, argv, "eqr")) != -1)
switch (ch) {
@@ -129,14 +152,12 @@
playing = (getuchar() == 'Y');
} while (playing);
- if ((f = fopen(_PATH_LOG, "a")) != NULL) {
+ if (f != NULL) {
(void)fprintf(f, "%s: won %5.5d, lost %5.5d\n",
getlogin(), cgames, pgames);
(void) fclose(f);
}
bye();
- if (!f)
- errx(1, "can't open %s", _PATH_LOG);
exit(0);
}
diff -r 3d464b4983be -r 3b644252d7ad games/fish/fish.c
--- a/games/fish/fish.c Sun Sep 12 08:23:42 1999 +0000
+++ b/games/fish/fish.c Sun Sep 12 09:02:20 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: fish.c,v 1.9 1999/09/08 21:17:48 jsm Exp $ */
+/* $NetBSD: fish.c,v 1.10 1999/09/12 09:02:21 jsm Exp $ */
/*-
* Copyright (c) 1990, 1993
@@ -46,7 +46,7 @@
#if 0
static char sccsid[] = "@(#)fish.c 8.1 (Berkeley) 5/31/93";
#else
-__RCSID("$NetBSD: fish.c,v 1.9 1999/09/08 21:17:48 jsm Exp $");
+__RCSID("$NetBSD: fish.c,v 1.10 1999/09/12 09:02:21 jsm Exp $");
#endif
#endif /* not lint */
@@ -104,7 +104,8 @@
{
int ch, move;
- setgid(getgid());
+ /* Revoke setgid privileges */
+ setregid(getgid(), getgid());
while ((ch = getopt(argc, argv, "p")) != -1)
switch(ch) {
diff -r 3d464b4983be -r 3b644252d7ad games/gomoku/main.c
--- a/games/gomoku/main.c Sun Sep 12 08:23:42 1999 +0000
+++ b/games/gomoku/main.c Sun Sep 12 09:02:20 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: main.c,v 1.7 1999/09/08 21:45:27 jsm Exp $ */
+/* $NetBSD: main.c,v 1.8 1999/09/12 09:02:21 jsm Exp $ */
/*
* Copyright (c) 1994
@@ -46,7 +46,7 @@
#if 0
static char sccsid[] = "@(#)main.c 8.4 (Berkeley) 5/4/95";
#else
-__RCSID("$NetBSD: main.c,v 1.7 1999/09/08 21:45:27 jsm Exp $");
+__RCSID("$NetBSD: main.c,v 1.8 1999/09/12 09:02:21 jsm Exp $");
#endif
#endif /* not lint */
@@ -98,6 +98,9 @@
"%3d %-6s"
};
+ /* Revoke setgid privileges */
+ setregid(getgid(), getgid());
+
color = curmove = 0;
prog = strrchr(argv[0], '/');
diff -r 3d464b4983be -r 3b644252d7ad games/hangman/main.c
--- a/games/hangman/main.c Sun Sep 12 08:23:42 1999 +0000
+++ b/games/hangman/main.c Sun Sep 12 09:02:20 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: main.c,v 1.6 1999/09/08 21:45:28 jsm Exp $ */
+/* $NetBSD: main.c,v 1.7 1999/09/12 09:02:21 jsm Exp $ */
/*
* Copyright (c) 1983, 1993
@@ -43,7 +43,7 @@
#if 0
static char sccsid[] = "@(#)main.c 8.1 (Berkeley) 5/31/93";
#else
-__RCSID("$NetBSD: main.c,v 1.6 1999/09/08 21:45:28 jsm Exp $");
+__RCSID("$NetBSD: main.c,v 1.7 1999/09/12 09:02:21 jsm Exp $");
#endif
#endif /* not lint */
@@ -55,6 +55,9 @@
int
main(void)
{
+ /* Revoke setgid privileges */
+ setregid(getgid(), getgid());
+
initscr();
signal(SIGINT, die);
setup();
diff -r 3d464b4983be -r 3b644252d7ad games/mille/mille.c
--- a/games/mille/mille.c Sun Sep 12 08:23:42 1999 +0000
+++ b/games/mille/mille.c Sun Sep 12 09:02:20 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: mille.c,v 1.8 1999/09/08 21:45:28 jsm Exp $ */
+/* $NetBSD: mille.c,v 1.9 1999/09/12 09:02:21 jsm Exp $ */
/*
* Copyright (c) 1982, 1993
@@ -43,7 +43,7 @@
#if 0
static char sccsid[] = "@(#)mille.c 8.1 (Berkeley) 5/31/93";
#else
-__RCSID("$NetBSD: mille.c,v 1.8 1999/09/08 21:45:28 jsm Exp $");
+__RCSID("$NetBSD: mille.c,v 1.9 1999/09/12 09:02:21 jsm Exp $");
#endif
#endif /* not lint */
@@ -61,8 +61,8 @@
{
bool restore;
- /* run as the user */
- setuid(getuid());
+ /* Revoke setgid privileges */
+ setregid(getgid(), getgid());
if (strcmp(av[0], "a.out") == 0) {
outf = fopen("q", "w");
diff -r 3d464b4983be -r 3b644252d7ad games/monop/monop.c
--- a/games/monop/monop.c Sun Sep 12 08:23:42 1999 +0000
+++ b/games/monop/monop.c Sun Sep 12 09:02:20 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: monop.c,v 1.8 1999/09/09 17:27:59 jsm Exp $ */
+/* $NetBSD: monop.c,v 1.9 1999/09/12 09:02:22 jsm Exp $ */
/*
* Copyright (c) 1980, 1993
@@ -43,7 +43,7 @@
#if 0
static char sccsid[] = "@(#)monop.c 8.1 (Berkeley) 5/31/93";
#else
-__RCSID("$NetBSD: monop.c,v 1.8 1999/09/09 17:27:59 jsm Exp $");
+__RCSID("$NetBSD: monop.c,v 1.9 1999/09/12 09:02:22 jsm Exp $");
#endif
#endif /* not lint */
@@ -67,6 +67,9 @@
int ac;
char *av[];
{
+ /* Revoke setgid privileges */
+ setregid(getgid(), getgid());
+
srand(getpid());
if (ac > 1) {
if (!rest_f(av[1]))
diff -r 3d464b4983be -r 3b644252d7ad games/morse/morse.c
--- a/games/morse/morse.c Sun Sep 12 08:23:42 1999 +0000
+++ b/games/morse/morse.c Sun Sep 12 09:02:20 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: morse.c,v 1.7 1999/09/08 21:17:53 jsm Exp $ */
+/* $NetBSD: morse.c,v 1.8 1999/09/12 09:02:22 jsm Exp $ */
/*
* Copyright (c) 1988, 1993
@@ -43,7 +43,7 @@
#if 0
static char sccsid[] = "@(#)morse.c 8.1 (Berkeley) 5/31/93";
#else
-__RCSID("$NetBSD: morse.c,v 1.7 1999/09/08 21:17:53 jsm Exp $");
+__RCSID("$NetBSD: morse.c,v 1.8 1999/09/12 09:02:22 jsm Exp $");
#endif
#endif /* not lint */
@@ -114,6 +114,9 @@
int ch;
char *s, *p;
+ /* Revoke setgid privileges */
+ setregid(getgid(), getgid());
+
while ((ch = getopt(argc, argv, "ds")) != -1)
switch((char)ch) {
case 'd':
diff -r 3d464b4983be -r 3b644252d7ad games/ppt/ppt.c
Home |
Main Index |
Thread Index |
Old Index