author | Theo de Raadt <deraadt@cvs.openbsd.org> | 1996-06-10 04:45:31 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 1996-06-10 04:45:31 +0000 |
commit | 7b4cbf83946cbb91e3fd2bf61fe046dfd5c4ee5f (patch) | |
tree | b5f687fc83f229a41b2f9ca21efa88f9abdb089d | |
parent | d33c9b2df3efffe546c33096d0a3122edf923b40 (diff) |
security fixes
-rw-r--r-- | games/larn/bill.c | 8 | ||||
-rw-r--r-- | games/larn/header.h | 5 | ||||
-rw-r--r-- | games/larn/main.c | 6 | ||||
-rw-r--r-- | games/larn/scores.c | 20 |
4 files changed, 30 insertions, 9 deletions
diff --git a/games/larn/bill.c b/games/larn/bill.c index 5362502378b..324de485da6 100644 --- a/games/larn/bill.c +++ b/games/larn/bill.c @@ -1,4 +1,4 @@ -/* $NetBSD: bill.c,v 1.3 1995/03/23 08:33:10 cgd Exp $ */ +/* $NetBSD: bill.c,v 1.3.6.1 1996/05/27 15:54:11 mrg Exp $ */ /*- * Copyright (c) 1991 The Regents of the University of California. @@ -37,7 +37,7 @@ #if 0 static char sccsid[] = "@(#)bill.c 5.2 (Berkeley) 5/28/91"; #else -static char rcsid[] = "$NetBSD: bill.c,v 1.3 1995/03/23 08:33:10 cgd Exp $"; +static char rcsid[] = "$NetBSD: bill.c,v 1.3.6.1 1996/05/27 15:54:11 mrg Exp $"; #endif #endif /* not lint */ @@ -134,8 +134,8 @@ mailbill() cp = mail; sprintf(fname, "/tmp/#%dlarnmail", getpid()); for (i = 0; i < 6; i++) { - if ((fd = open(fname, O_WRONLY | O_TRUNC | O_CREAT), - 0666) == -1) + if ((fd = open(fname, O_WRONLY | O_TRUNC | O_CREAT, + 0666)) == -1) exit(0); while (*cp != NULL) { if (*cp[0] == '1') { diff --git a/games/larn/header.h b/games/larn/header.h index 01b7487bd08..e76da385807 100644 --- a/games/larn/header.h +++ b/games/larn/header.h @@ -1,7 +1,9 @@ -/* $NetBSD: header.h,v 1.7 1995/04/24 12:23:54 cgd Exp $ */ +/* $NetBSD: header.h,v 1.7.6.1 1996/05/27 15:54:20 mrg Exp $ */ /* header.h Larn is copyrighted 1986 by Noah Morgan. */ +#include <sys/types.h> + #define MAXLEVEL 11 /* max # levels in the dungeon */ #define MAXVLEVEL 3 @@ -346,6 +348,7 @@ extern short diroffx[],diroffy[],hitflag,hit2flag,hit3flag,hitp[MAXX][MAXY]; extern short iarg[MAXX][MAXY],ivenarg[],lasthx,lasthy,lastnum,lastpx,lastpy; extern short nobeep,oldx,oldy,playerx,playery; extern int dayplay,enable_scroll,srcount,yrepcount,userid,wisid,lfd,fd; +extern uid_t uid, euid; extern long initialtime,outstanding_taxes,skill[],gtime,c[],cbak[]; extern unsigned long randx; extern struct cel *cell; diff --git a/games/larn/main.c b/games/larn/main.c index fa7c3683bcd..e80b154908b 100644 --- a/games/larn/main.c +++ b/games/larn/main.c 
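Review bot: In `mailbill()` in games/larn/bill.c the temp file is still opened at a predictable path (`/tmp/#<pid>larnmail`, built by the `sprintf` just above) with `O_CREAT | O_TRUNC` and no `O_EXCL`, so a file or symlink already present at that name would be followed and truncated; the corrected parenthesisation fixes the mode argument but not this. The open should refuse an existing path and use a private mode, e.g. `open(fname, O_WRONLY | O_CREAT | O_EXCL, 0600)`, or the name should come from `mkstemp()`. `fname` is filled by an unbounded `sprintf` and its declaration is outside the hunk, so its size should be confirmed. The function body starts and ends outside the hunk.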
@@ -1,5 +1,5 @@ #ifndef lint -static char rcsid[] = "$NetBSD: main.c,v 1.7 1995/04/24 12:24:01 cgd Exp $"; +static char rcsid[] = "$NetBSD: main.c,v 1.7.6.1 1996/05/27 15:54:26 mrg Exp $"; #endif /* not lint */ /* main.c */ @@ -13,6 +13,7 @@ int srcount=0; /* line counter for showstr() */ int dropflag=0; /* if 1 then don't lookforobject() next round */ int rmst=80; /* random monster creation counter */ int userid; /* the players login user id number */ +uid_t uid, euid; /* used for security */ char nowelcome=0,nomove=0; /* if (nomove) then don't count next iteration as a move */ static char viewflag=0; /* if viewflag then we have done a 99 stay here and don't showcell in the main loop */ @@ -48,6 +49,9 @@ main(argc,argv) char *ptr=0,*ttype; struct passwd *pwe; + euid = geteuid(); + uid = getuid(); + seteuid(uid); /* give up "games" if we have it */ /* * first task is to identify the player */ diff --git a/games/larn/scores.c b/games/larn/scores.c index 8a2fac26a34..a165cfefd0a 100644 --- a/games/larn/scores.c +++ b/games/larn/scores.c @@ -1,5 +1,5 @@ #ifndef lint -static char rcsid[] = "$NetBSD: scores.c,v 1.5 1995/04/24 12:24:08 cgd Exp $"; +static char rcsid[] = "$NetBSD: scores.c,v 1.5.6.1 1996/05/27 15:54:33 mrg Exp $"; #endif /* not lint */ /* scores.c Larn is copyrighted 1986 by Noah Morgan. @@ -101,7 +101,12 @@ static char *whydead[] = { */ readboard() { - if (lopen(scorefile)<0) + int i; + + seteuid(euid); + i = lopen(scorefile); + seteuid(uid); + if (i<0) { lprcat("Can't read scoreboard\n"); lflush(); return(-1); } lrfill((char*)sco,sizeof(sco)); lrfill((char*)winr,sizeof(winr)); lrclose(); lcreat((char*)0); return(0); 
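Review bot: The `seteuid(uid)` added at the top of `main()` in games/larn/main.c ignores its return value, so if the call fails the game keeps running with the installed effective uid and nothing reports it; the same applies to every `seteuid(euid)`/`seteuid(uid)` pair added in games/larn/scores.c (`readboard`, `writeboard`, `makeboard` and the logfile `chmod`). I would fail closed, `if (seteuid(uid) == -1) { perror("seteuid"); exit(1); }`, and treat a failed restore after each privileged call the same way. This is a temporary drop, and presumably the saved set-user-ID keeps the original euid recoverable for the whole run, which is worth stating in the comment, e.g. `/* drop privileges until a score file is touched; regained only around lopen/lcreat/chmod */`. Only the effective uid is handled; if the binary is installed setgid rather than setuid (not visible here) the group id would need the same treatment. `main()` continues outside the hunk.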
@@ -114,8 +119,13 @@ readboard() */ writeboard() { + int i; + set_score_output(); - if (lcreat(scorefile)<0) + seteuid(euid); + i = lcreat(scorefile); + seteuid(uid); + if (i<0) { lprcat("Can't write scoreboard\n"); lflush(); return(-1); } lwrite((char*)sco,sizeof(sco)); lwrite((char*)winr,sizeof(winr)); lwclose(); lcreat((char*)0); return(0); @@ -135,7 +145,9 @@ makeboard() winr[i].order = sco[i].order = i; } if (writeboard()) return(-1); + seteuid(euid); chmod(scorefile,0660); + seteuid(uid); return(0); } @@ -512,7 +524,9 @@ invalid: lprcat("\nCan't open record file: I can't post your score.\n"); sncbr(); resetscroll(); lflush(); exit(); } + seteuid(euid); chmod(logfile,0660); + seteuid(uid); } strcpy(logg.who,loginname); logg.score = c[GOLD]; logg.diff = c[HARDGAME]; |
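Review bot: The `chmod(scorefile,0660)` in `makeboard()` runs with the raised euid on a path name after `writeboard()` has already finished with the file, and its result is not checked, so the mode is applied to whatever the name resolves to at that moment rather than to the file just created; the `chmod(logfile,0660)` hunk at -512 has the same shape. Setting the mode at creation time or via `fchmod()` on the still-open descriptor would avoid the second path lookup, though whether `lcreat()` exposes the descriptor or accepts a mode is not visible in this diff. At minimum check the result, `if (chmod(scorefile,0660) == -1) { seteuid(uid); return(-1); }`. Both enclosing functions extend outside their hunks.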