Relinguish SGID games, restore it only when opening the score file

4 files changed, 12 insertions, 2 deletions

diff --git a/games/tetris/scores.c b/games/tetris/scores.c
index af3f348b649..1dddd6408cf 100644
--- a/games/tetris/scores.c
+++ b/games/tetris/scores.c
@@ -53,6 +53,7 @@
 #include <string.h>
 #include <time.h>
 #include <unistd.h>
+#include <sys/stat.h>
 
 /*
  * XXX - need a <termcap.h>
@@ -99,7 +100,7 @@ static void
 getscores(fpp)
 	FILE **fpp;
 {
-	int sd, mint, lck;
+	int sd, mint, lck, mask;
 	char *mstr, *human;
 	FILE *sf;
 
@@ -114,7 +115,10 @@ getscores(fpp)
 		human = "reading";
 		lck = LOCK_SH;
 	}
+	setegid(egid);
+	mask = umask(S_IWOTH);
 	sd = open(_PATH_SCOREFILE, mint, 0666);
+	(void)umask(mask);
 	if (sd < 0) {
 		if (fpp == NULL) {
 			nscores = 0;
@@ -129,6 +133,7 @@ getscores(fpp)
 		    _PATH_SCOREFILE, human, strerror(errno));
 		exit(1);
 	}
+	setegid(gid);
 
 	/*
 	 * Grab a lock.
diff --git a/games/tetris/shapes.c b/games/tetris/shapes.c
index 5421bcf0ef8..8e4525cc911 100644
--- a/games/tetris/shapes.c
+++ b/games/tetris/shapes.c
@@ -44,7 +44,7 @@
  * Note that the first 7 are `well known'.
  */
 
-#include <sys/cdefs.h>
+#include <unistd.h>
 #include "tetris.h"
 
 #define	TL	-B_COLS-1	/* top left */
diff --git a/games/tetris/tetris.c b/games/tetris/tetris.c
index ababeedafea..8eeb60d511e 100644
--- a/games/tetris/tetris.c
+++ b/games/tetris/tetris.c
@@ -126,6 +126,10 @@ main(argc, argv)
 
 	keys = "jkl pq";
 
+	gid = getgid();
+	egid = getegid();
+	setegid(gid);
+
 	while ((ch = getopt(argc, argv, "k:l:s")) != EOF)
 		switch(ch) {
 		case 'k':
diff --git a/games/tetris/tetris.h b/games/tetris/tetris.h
index 90e9c5d59d3..1e995c32a64 100644
--- a/games/tetris/tetris.h
+++ b/games/tetris/tetris.h
@@ -163,6 +163,7 @@ long	fallrate;		/* less than 1 million; smaller => faster */
  * still be moved or rotated).
  */
 int	score;			/* the obvious thing */
+gid_t	gid, egid;
 
 char	key_msg[100];