From 34a13bf4cb36b9ba554bf9593c9b180b91988d8d Mon Sep 17 00:00:00 2001 From: Eivind Eklund Date: Mon, 1 Sep 1997 00:34:51 +0000 Subject: [PATCH] Change games from setuid games to setgid games. Reviewed by: maybe@yes.no Obtained from: OpenBSD (mostly deraadt@openbsd.org) --- etc/mtree/BSD.usr.dist | 4 ++-- etc/mtree/BSD.var.dist | 12 +++++----- games/Makefile.inc | 6 ++--- games/adventure/hdr.h | 5 ++++- games/adventure/main.c | 7 ++++-- games/adventure/save.c | 22 ++++++++----------- games/adventure/vocab.c | 8 +++---- games/atc/main.c | 4 ++++ games/backgammon/backgammon/main.c | 4 ++++ games/backgammon/teachgammon/teach.c | 7 +++--- games/battlestar/battlestar.c | 6 +++++ games/battlestar/com6.c | 28 +++++++++++++---------- games/battlestar/externs.h | 3 +++ games/battlestar/save.c | 11 +++++++++- games/bcd/bcd.c | 4 ++++ games/bs/bs.c | 4 ++++ games/caesar/caesar.c | 4 ++++ games/canfield/canfield/canfield.c | 7 +++++- games/canfield/cfscores/cfscores.c | 5 +++++ games/cribbage/crib.c | 6 +++++ games/dm/Makefile | 4 ++-- games/dm/dm.c | 33 ++++++++++++++++------------ games/factor/factor.c | 4 ++++ games/grdc/grdc.c | 4 ++++ games/hack/hack.main.c | 6 +++-- games/hack/hack.pager.c | 5 +++-- games/hangman/main.c | 4 ++++ games/mille/mille.c | 5 +++-- games/morse/morse.c | 4 ++++ games/number/number.c | 4 ++++ games/pig/pig.c | 4 ++++ games/pom/pom.c | 4 ++++ games/ppt/ppt.c | 4 ++++ games/primes/primes.c | 4 ++++ games/quiz/quiz.c | 4 ++++ games/rain/rain.c | 4 ++++ games/random/random.c | 4 ++++ games/robots/main.c | 6 +++-- games/snake/snake/snake.c | 16 ++++++++++---- games/snake/snscore/snscore.c | 6 +++++ games/trek/main.c | 2 ++ games/worm/worm.c | 4 ++++ games/worms/worms.c | 4 ++++ games/wump/wump.c | 4 ++++ 44 files changed, 224 insertions(+), 76 deletions(-) diff --git a/etc/mtree/BSD.usr.dist b/etc/mtree/BSD.usr.dist index 8a705bc4c14f..a95aa98dc7cf 100644 --- a/etc/mtree/BSD.usr.dist +++ b/etc/mtree/BSD.usr.dist 
@@ -1,4 +1,4 @@ -# $Id: BSD.usr.dist,v 1.95 1997/08/12 15:54:05 ache Exp $ +# $Id: BSD.usr.dist,v 1.96 1997/08/18 00:08:16 jdp Exp $ # /set type=dir uname=bin gname=bin mode=0755 @@ -7,7 +7,7 @@ .. /set type=dir uname=games gname=bin mode=0700 games uname=bin mode=0755 - hide + hide gname=games uname=root mode=0550 .. .. /set type=dir uname=bin gname=bin mode=0755 diff --git a/etc/mtree/BSD.var.dist b/etc/mtree/BSD.var.dist index 735a04374d48..54caab9b8d8a 100644 --- a/etc/mtree/BSD.var.dist +++ b/etc/mtree/BSD.var.dist @@ -1,4 +1,4 @@ -# $Id: BSD.var.dist,v 1.30 1997/05/03 20:15:15 jkh Exp $ +# $Id: BSD.var.dist,v 1.31 1997/07/29 11:23:14 ache Exp $ # /set type=dir uname=bin gname=bin mode=0755 @@ -23,13 +23,13 @@ .. db uname=bin gname=bin mode=0755 .. -/set type=dir uname=games gname=bin mode=0755 - games - hackdir +/set type=dir uname=root gname=bin mode=0755 + games gname=games mode=0775 + hackdir gname=games mode=0775 .. - larn + larn gname=games mode=0775 .. - phantasia + phantasia gname=games mode=0775 .. .. log uname=bin diff --git a/games/Makefile.inc b/games/Makefile.inc index e3805f5a75fb..acf28b792e43 100644 --- a/games/Makefile.inc +++ b/games/Makefile.inc @@ -1,9 +1,9 @@ # @(#)Makefile.inc 8.1 (Berkeley) 5/31/93 -BINOWN= games +BINGRP= games .if defined(HIDEGAME) -BINDIR= /usr/games/hide -BINMODE= 4700 +BINDIR?= /usr/games/hide +BINMODE= 550 .else BINDIR= /usr/games .endif diff --git a/games/adventure/hdr.h b/games/adventure/hdr.h index c77663a8ade4..6c8a1fdaa7ab 100644 --- a/games/adventure/hdr.h +++ b/games/adventure/hdr.h @@ -52,6 +52,7 @@ */ /* hdr.h: included by c advent files */ +#include int datfd; /* message file descriptor */ int delhit; @@ -128,7 +129,7 @@ int hntmax; int hints[20][5]; /* info on hints */ int hinted[20],hintlc[20]; -int place[101], prop[101],link[201]; +int place[101], prop[101],linkx[201]; int abb[LOCSIZ]; int maxtrs,tally,tally2; /* treasure values */ 
@@ -161,3 +162,5 @@ unsigned long crc(); /* We need to get a little tricky to avoid strings */ #define DECR(a,b,c,d,e) decr('a'+'+','b'+'-','c'+'#','d'+'&','e'+'%') + +gid_t egid; diff --git a/games/adventure/main.c b/games/adventure/main.c index 89629dfd12c3..3d7fb9a9ca1a 100644 --- a/games/adventure/main.c +++ b/games/adventure/main.c @@ -64,6 +64,9 @@ char **argv; struct text *kk; extern trapdel(); + egid = getegid(); + setegid(getgid()); + init(); /* Initialize everything */ signal(2,trapdel); @@ -117,7 +120,7 @@ char **argv; if (loc==33 && pct(25)&&!closng) rspeak(8); if (!dark(0)) { abb[loc]++; - for (i=atloc[loc]; i!=0; i=link[i]) /*2004 */ + for (i=atloc[loc]; i!=0; i=linkx[i]) /*2004 */ { obj=i; if (obj>100) obj -= 100; if (obj==steps && toting(nugget)) continue; @@ -261,7 +264,7 @@ char **argv; l4080: switch(verb) { case 1: /* take = 8010 */ - if (atloc[loc]==0||link[atloc[loc]]!=0) goto l8000; + if (atloc[loc]==0||linkx[atloc[loc]]!=0) goto l8000; for (i=1; i<=5; i++) if (dloc[i]==loc&&dflag>=2) goto l8000; obj=atloc[loc]; diff --git a/games/adventure/save.c b/games/adventure/save.c index 6784fefe1289..763e56bd84c8 100644 --- a/games/adventure/save.c +++ b/games/adventure/save.c @@ -108,7 +108,7 @@ struct savestruct save_array[] = dseen, sizeof(dseen), fixed, sizeof(fixed), hinted, sizeof(hinted), - link, sizeof(link), + linkx, sizeof(linkx), odloc, sizeof(odloc), place, sizeof(place), prop, sizeof(prop), 
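Review bot: The `setegid(getgid())` added at the top of main() in games/adventure/main.c ignores its return value, so a failed drop leaves the game running with the games group still effective. Check it and stop, e.g. `if (setegid(getgid()) != 0) { perror("setegid"); exit(1); }`. The same applies to the `setegid(getgid()); setgid(getgid());` pairs this patch adds to the other games (atc, backgammon, bcd, bs, hack and the rest) and to the lone `setgid(getgid())` in games/trek/main.c. Here the drop is temporary on purpose, since save.c later calls `setegid(egid)`; a one-line comment next to `egid = getegid();` should say so. main()'s body continues outside the hunk.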
@@ -125,24 +125,23 @@ char *outfile; /* to output the data using checksum to start random #s */ char *s; long sum; int i; - uid_t euid_save; crc_start(); for (p = save_array; p->address != NULL; p++) sum = crc(p->address, p->width); srandom((int) sum); - euid_save = geteuid(); - seteuid(getuid()); - + setegid(egid); if ((out = fopen(outfile, "wb")) == NULL) { fprintf(stderr, "Hmm. The name \"%s\" appears to be magically blocked.\n", outfile); - seteuid(euid_save); + setegid(getgid()); return 1; } + setegid(getgid()); + fwrite(&sum, sizeof(sum), 1, out); /* Here's the random() key */ for (p = save_array; p->address != NULL; p++) { @@ -151,7 +150,6 @@ char *outfile; /* to output the data using checksum to start random #s */ fwrite(p->address, p->width, 1, out); } fclose(out); - seteuid(euid_save); return 0; } @@ -163,19 +161,18 @@ char *infile; char *s; long sum, cksum; int i; - uid_t euid_save; - - euid_save = geteuid(); - seteuid(euid_save); + setegid(egid); if ((in = fopen(infile, "rb")) == NULL) { fprintf(stderr, "Hmm. The file \"%s\" appears to be magically blocked.\n", infile); - seteuid(euid_save); + setegid(getgid()); return 1; } + setegid(getgid()); + fread(&sum, sizeof(sum), 1, in); /* Get the seed */ srandom((int) sum); for (p = save_array; p->address != NULL; p++) @@ -185,7 +182,6 @@ char *infile; *s = (*s ^ random()) & 0xFF; /* Lightly decrypt */ } fclose(in); - seteuid(euid_save); crc_start(); /* See if she cheated */ for (p = save_array; p->address != NULL; p++) diff --git a/games/adventure/vocab.c b/games/adventure/vocab.c index b34b42ef238f..357e238dd0c3 100644 --- a/games/adventure/vocab.c +++ b/games/adventure/vocab.c @@ -91,11 +91,11 @@ int object,where; holdng++; } if (atloc[where]==object) - { atloc[where]=link[object]; + { atloc[where]=linkx[object]; return; } - for (temp=atloc[where]; link[temp]!=object; temp=link[temp]); - link[temp]=link[object]; + for (temp=atloc[where]; linkx[temp]!=object; temp=linkx[temp]); + linkx[temp]=linkx[object]; } 
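Review bot: save() in games/adventure/save.c now switches back to the games group with `setegid(egid)` just before `fopen(outfile, "wb")`, so the file named by `outfile` is created or truncated with group privileges rather than the player's own. If `outfile` is a name the player chooses (its origin is outside the hunk), any file the games group can write becomes a valid save target, including the games directories that BSD.var.dist makes group-writable in this same commit. The removed code opened the file as the real user; the equivalent here is to drop the `setegid(egid)` call and leave the effective gid at `getgid()` for the fopen. restore() has the same pattern around `fopen(infile, "rb")`.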
@@ -107,7 +107,7 @@ int object,where; place[object]=where; } if (where<=0) return; - link[object]=atloc[where]; + linkx[object]=atloc[where]; atloc[where]=object; } diff --git a/games/atc/main.c b/games/atc/main.c index 762c2bc3eca3..6ba227cf2de1 100644 --- a/games/atc/main.c +++ b/games/atc/main.c @@ -70,6 +70,10 @@ main(ac, av) extern char *default_game(), *okay_game(); extern void log_score(), quit(), update(); + /* revoke privs */ + setegid(getgid()); + setgid(getgid()); + start_time = seed = time(0); name = *av++; diff --git a/games/backgammon/backgammon/main.c b/games/backgammon/backgammon/main.c index 97f0c6a937f9..270e1f55e5ad 100644 --- a/games/backgammon/backgammon/main.c +++ b/games/backgammon/backgammon/main.c @@ -110,6 +110,10 @@ char **argv; uid = getuid(); setreuid (uid,uid); + /* revoke privs */ + setegid(getgid()); + setgid(getgid()); + /* initialization */ bflag = 2; /* default no board */ acnt = 1; /* Nuber of args */ diff --git a/games/backgammon/teachgammon/teach.c b/games/backgammon/teachgammon/teach.c index bae186c304b2..1c70b04f0189 100644 --- a/games/backgammon/teachgammon/teach.c +++ b/games/backgammon/teachgammon/teach.c @@ -80,11 +80,10 @@ char **argv; { register int i; - uid_t uid; - /*Drop the privilege.*/ - uid = getuid(); - setreuid (uid,uid); + /* revoke privs */ + setegid(getgid()); + setgid(getgid()); acnt = 1; signal (2,getout); diff --git a/games/battlestar/battlestar.c b/games/battlestar/battlestar.c index 48fb8b368910..144e72fe114f 100644 --- a/games/battlestar/battlestar.c +++ b/games/battlestar/battlestar.c @@ -57,6 +57,12 @@ char **argv; char mainbuf[LINELENGTH]; char *next; + open_score_file(); + + /* revoke privs. */ + egid = getegid(); + setegid(getgid()); + initialize(argc < 2 || strcmp(argv[1], "-r")); start: news(); diff --git a/games/battlestar/com6.c b/games/battlestar/com6.c index 146bb8c90665..5d196314e3ee 100644 --- a/games/battlestar/com6.c +++ b/games/battlestar/com6.c 
@@ -91,10 +91,17 @@ live() #include +static FILE *score_fp; + +open_score_file() +{ + if ((score_fp = fopen(_PATH_SCORE,"a")) == NULL) + perror(_PATH_SCORE); +} + post(ch) char ch; { - FILE *fp; struct timeval tv; char *date, *ctime(); int s = sigblock(sigmask(SIGINT)); @@ -102,16 +109,15 @@ char ch; gettimeofday(&tv, (struct timezone *)0); /* can't call time */ date = ctime(&tv.tv_sec); date[24] = '\0'; - if (fp = fopen(_PATH_SCORE,"a")) { - fprintf(fp, "%s %8s %c%20s", date, uname, ch, rate()); - if (wiz) - fprintf(fp, " wizard\n"); - else if (tempwiz) - fprintf(fp, " WIZARD!\n"); - else - fprintf(fp, "\n"); - } else - perror(_PATH_SCORE); + + fprintf(score_fp, "%s %8s %c%20s", date, uname, ch, rate()); + if (wiz) + fprintf(score_fp, " wizard\n"); + else if (tempwiz) + fprintf(score_fp, " WIZARD!\n"); + else + fprintf(score_fp, "\n"); + sigsetmask(s); } diff --git a/games/battlestar/externs.h b/games/battlestar/externs.h index 2d853521cfdb..d6ff2c9710fc 100644 --- a/games/battlestar/externs.h +++ b/games/battlestar/externs.h @@ -33,6 +33,7 @@ * @(#)externs.h 8.1 (Berkeley) 5/31/93 */ +#include #include #include #include @@ -298,3 +299,5 @@ struct objs { }; struct objs dayobjs[]; struct objs nightobjs[]; + +gid_t egid; diff --git a/games/battlestar/save.c b/games/battlestar/save.c index ec4b4f5ea450..8b7250664902 100644 --- a/games/battlestar/save.c +++ b/games/battlestar/save.c @@ -55,10 +55,13 @@ restore() sprintf(home1, "%.*s/Bstar", MAXPATHLEN - 7, home); else return; + setegid(egid); if ((fp = fopen(home1, "r")) == 0) { perror(home1); + setegid(getgid()); return; } + setegid(getgid()); fread(&WEIGHT, sizeof WEIGHT, 1, fp); fread(&CUMBER, sizeof CUMBER, 1, fp); fread(&gclock, sizeof gclock, 1, fp); 
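Review bot: post() in games/battlestar/com6.c now writes to `score_fp` unconditionally, but open_score_file() only calls perror() when fopen fails, so a missing or unwritable score file ends in `fprintf(NULL, ...)`. Guard the writes, e.g. `if (score_fp == NULL) { sigsetmask(s); return; }` right after the `date[24] = '\0';` line. Because the stream is no longer closed after each entry, an `fflush(score_fp);` after the last fprintf would keep the record from being lost on an abnormal exit. open_score_file() also has no return type and no comment saying it has to run before main() drops the group, which is the only reason it exists.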
@@ -112,30 +115,36 @@ save() return; sprintf(home1, "%.*s/Bstar", MAXPATHLEN - 7, home); + setegid(egid); /* Try to open the file safely. */ if (stat(home1, &sbuf) < 0) { fd = open(home1, O_WRONLY|O_CREAT|O_EXCL); if (fd < 0) { fprintf(stderr, "Can't create %s\n", home1); + setegid(getgid()); return; } } else { - if (sbuf.st_nlink > 1) { + if (sbuf.st_mode & S_IFLNK) { fprintf(stderr, "No symlinks!\n"); + setegid(getgid()); return; } fd = open(home1, O_WRONLY|O_EXCL); if (fd < 0) { fprintf(stderr, "Can't open %s for writing\n", home1); + setegid(getgid()); return; } } if ((fp = fdopen(fd, "w")) == 0) { perror(home1); + setegid(getgid()); return; } + setegid(getgid()); printf("Saved in %s.\n", home1); fwrite(&WEIGHT, sizeof WEIGHT, 1, fp); diff --git a/games/bcd/bcd.c b/games/bcd/bcd.c index 53765daac2a9..cb0b3f9a1ed9 100644 --- a/games/bcd/bcd.c +++ b/games/bcd/bcd.c @@ -131,6 +131,10 @@ main(argc, argv) * but this seems kind of silly. So this one doesn't. */ + /* revoke privs */ + setegid(getgid()); + setgid(getgid()); + if (argc > 1) { while (--argc) printcard(*++argv); diff --git a/games/bs/bs.c b/games/bs/bs.c index f28d4c7119fc..887eb2adb196 100644 --- a/games/bs/bs.c +++ b/games/bs/bs.c @@ -1202,6 +1202,10 @@ main(argc, argv) int argc; char *argv[]; { + /* revoke privs */ + setegid(getgid()); + setgid(getgid()); + do_options(argc, argv); intro(); diff --git a/games/caesar/caesar.c b/games/caesar/caesar.c index 749da50d7fb7..8357b722122f 100644 --- a/games/caesar/caesar.c +++ b/games/caesar/caesar.c @@ -83,6 +83,10 @@ void main(argc, argv) register char *inbuf; int obs[26], try, winner; + /* revoke privs */ + setegid(getgid()); + setgid(getgid()); + if (argc > 1) printit(argv[1]); diff --git a/games/canfield/canfield/canfield.c b/games/canfield/canfield/canfield.c index aec376d6b451..f13fed6c128e 100644 --- a/games/canfield/canfield/canfield.c +++ b/games/canfield/canfield/canfield.c 
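Review bot: The new test `if (sbuf.st_mode & S_IFLNK)` in save() (games/battlestar/save.c) does not detect symlinks: stat() follows the link, and the S_IFLNK bit pattern overlaps S_IFREG, so the test is true for every existing regular file and an existing save can never be overwritten. Use `lstat(home1, &sbuf)` and `if (!S_ISREG(sbuf.st_mode) || sbuf.st_nlink > 1) {`, which also keeps the hard-link check the patch removes. The check and the later open() remain two separate steps, so the file can change in between, and since `setegid(egid)` is raised for the whole sequence the open of a path built from `home` (presumably the player's home directory) runs with the games group. The `O_CREAT` open in the first branch also passes no mode argument.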
@@ -1570,10 +1570,10 @@ initall() srandom(getpid()); time(&acctstart); initdeck(deck); - uid = getuid(); if (uid < 0) uid = 0; dbfd = open(_PATH_SCORE, 2); + setegid(getgid()); if (dbfd < 0) return; i = lseek(dbfd, uid * sizeof(struct betinfo), 0); @@ -1691,6 +1691,11 @@ main(argc, argv) raw(); noecho(); initall(); + + /* revoke privs */ + setegid(getgid()); + setgid(getgid()); + instruct(); makeboard(); for (;;) { diff --git a/games/canfield/cfscores/cfscores.c b/games/canfield/cfscores/cfscores.c index f758cf1034c0..3be6b2541ad0 100644 --- a/games/canfield/cfscores/cfscores.c +++ b/games/canfield/cfscores/cfscores.c @@ -74,6 +74,11 @@ main(argc, argv) perror(_PATH_SCORE); exit(2); } + + /* revoke privs */ + setegid(getgid()); + setgid(getgid()); + setpwent(); if (argc == 1) { uid = getuid(); diff --git a/games/cribbage/crib.c b/games/cribbage/crib.c index 16233aef9890..bc55c116aaeb 100644 --- a/games/cribbage/crib.c +++ b/games/cribbage/crib.c @@ -60,6 +60,10 @@ main(argc, argv) BOOLEAN playing; FILE *f; int ch; + gid_t egid; + + egid = getegid(); + setegid(getgid()); while ((ch = getopt(argc, argv, "eqr")) != EOF) switch (ch) { @@ -120,11 +124,13 @@ main(argc, argv) playing = (getuchar() == 'Y'); } while (playing); + setegid(egid); if (f = fopen(_PATH_LOG, "a")) { (void)fprintf(f, "%s: won %5.5d, lost %5.5d\n", getlogin(), cgames, pgames); (void) fclose(f); } + setegid(getgid()); bye(); if (!f) { (void) fprintf(stderr, "\ncribbage: can't open %s.\n", diff --git a/games/dm/Makefile b/games/dm/Makefile index c44bd53e37f0..199a07e49de8 100644 --- a/games/dm/Makefile +++ b/games/dm/Makefile @@ -4,7 +4,7 @@ PROG= dm MAN8= dm.8 MAN5= dm.conf.5 -BINMODE=4555 -BINOWN= games +BINGRP= games +BINMODE=2555 .include diff --git a/games/dm/dm.c b/games/dm/dm.c index 7e8d6dc72fce..5977fcc76e89 100644 --- a/games/dm/dm.c +++ b/games/dm/dm.c @@ -47,6 +47,7 @@ static char sccsid[] = "@(#)dm.c 8.1 (Berkeley) 5/31/93"; #include #include +#include #include #include #include 
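Review bot: The initall() hunk in games/canfield/canfield/canfield.c deletes `uid = getuid();` but keeps `if (uid < 0) uid = 0;` and the `lseek(dbfd, uid * sizeof(struct betinfo), 0)` that follows. Unless `uid` is assigned somewhere outside the hunk, every player would then read and update the same record in the score file. Keep the assignment, `uid = getuid();`, ahead of the open. initall()'s body continues outside the hunk.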
@@ -71,7 +72,7 @@ main(argc, argv) char *cp; nogamefile(); - game = (cp = rindex(*argv, '/')) ? ++cp : *argv; + game = (cp = strrchr(*argv, '/')) ? ++cp : *argv; if (!strcmp(game, "dm")) exit(0); @@ -95,11 +96,15 @@ play(args) { char pbuf[MAXPATHLEN]; + if (sizeof(_PATH_HIDE) + strlen(game) > sizeof(pbuf)) { + (void)fprintf(stderr, "dm: %s/%s: %s\n", _PATH_HIDE, game, + strerror(ENAMETOOLONG)); + exit(1); + } (void)strcpy(pbuf, _PATH_HIDE); (void)strcpy(pbuf + sizeof(_PATH_HIDE) - 1, game); if (priority > 0) /* < 0 requires root */ (void)setpriority(PRIO_PROCESS, 0, priority); - setgid(getgid()); /* we run setgid kmem; lose it */ execv(pbuf, args); (void)fprintf(stderr, "dm: %s: %s\n", pbuf, strerror(errno)); exit(1); @@ -162,11 +167,11 @@ c_day(s_day, s_start, s_stop) start = atoi(s_start); stop = atoi(s_stop); if (ct->tm_hour >= start && ct->tm_hour < stop) { - fputs("dm: Sorry, games are not available from ", stderr); + (void)fputs("dm: Sorry, games are not available from ", stderr); hour(start); - fputs(" to ", stderr); + (void)fputs(" to ", stderr); hour(stop); - fputs(" today.\n", stderr); + (void)fputs(" today.\n", stderr); exit(0); } } @@ -182,12 +187,12 @@ c_tty(tty) static char *p_tty; if (first) { - p_tty = rindex(gametty, '/'); + p_tty = strrchr(gametty, '/'); first = 0; } if (!strcmp(gametty, tty) || p_tty && !strcmp(p_tty, tty)) { - fprintf(stderr, "dm: Sorry, you may not play games on %s.\n", gametty); + (void)fprintf(stderr, "dm: Sorry, you may not play games on %s.\n", gametty); exit(0); } } 
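Review bot: play() in games/dm/dm.c loses the `setgid(getgid())` before `execv()` together with its comment, and nothing in the new code says that the group is now kept on purpose. Every binary under _PATH_HIDE is therefore started with the games group effective and has to give it up itself, which is a contract worth writing down where the exec happens. I would add above the execv: `/* keep egid games across the exec: hidden games are mode 550, group games, and revoke the gid themselves */`. That comment also makes it visible when a hidden game is added that does not call the revoke pair.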
@@ -208,11 +213,11 @@ c_game(s_game, s_load, s_users, s_priority) return; ++found; if (isdigit(*s_load) && atoi(s_load) < load()) { - fputs("dm: Sorry, the load average is too high right now.\n", stderr); + (void)fputs("dm: Sorry, the load average is too high right now.\n", stderr); exit(0); } if (isdigit(*s_users) && atoi(s_users) <= users()) { - fputs("dm: Sorry, there are too many users logged on right now.\n", stderr); + (void)fputs("dm: Sorry, there are too many users logged on right now.\n", stderr); exit(0); } if (isdigit(*s_priority)) @@ -229,7 +234,7 @@ load() double avenrun[3]; if (getloadavg(avenrun, sizeof(avenrun)/sizeof(avenrun[0])) < 0) { - fputs("dm: getloadavg() failed.\n", stderr); + (void)fputs("dm: getloadavg() failed.\n", stderr); exit(1); } return(avenrun[2]); @@ -281,16 +286,16 @@ hour(h) { switch(h) { case 0: - fputs("midnight", stderr); + (void)fputs("midnight", stderr); break; case 12: - fputs("noon", stderr); + (void)fputs("noon", stderr); break; default: if (h > 12) - fprintf(stderr, "%dpm", h - 12); + (void)fprintf(stderr, "%dpm", h - 12); else - fprintf(stderr, "%dam", h); + (void)fprintf(stderr, "%dam", h); } } diff --git a/games/factor/factor.c b/games/factor/factor.c index 92f7415369a1..eeb064e43916 100644 --- a/games/factor/factor.c +++ b/games/factor/factor.c @@ -94,6 +94,10 @@ main(argc, argv) int ch; char *p, buf[100]; /* > max number of digits. */ + /* revoke privs */ + setegid(getgid()); + setgid(getgid()); + while ((ch = getopt(argc, argv, "")) != EOF) switch (ch) { case '?': diff --git a/games/grdc/grdc.c b/games/grdc/grdc.c index ebb3293b51f7..6e7b0d1226dd 100644 --- a/games/grdc/grdc.c +++ b/games/grdc/grdc.c @@ -56,6 +56,10 @@ int n = 0; initscr(); + /* revoke privs */ + setegid(getgid()); + setgid(getgid()); + signal(SIGINT,sighndl); signal(SIGTERM,sighndl); signal(SIGHUP,sighndl); diff --git a/games/hack/hack.main.c b/games/hack/hack.main.c index d2d59a2f3356..673a795aba97 100644 --- a/games/hack/hack.main.c 
+++ b/games/hack/hack.main.c @@ -116,6 +116,7 @@ char *argv[]; */ gettty(); setbuf(stdout,obuf); + umask(007); setrandom(); startup(); cls(); @@ -458,8 +459,9 @@ boolean wr; && strcmp(dir, HACKDIR) /* and not the default? */ #endif ) { - (void) setuid(getuid()); /* Ron Wessels */ - (void) setgid(getgid()); + /* revoke */ + setegid(getgid()); + setgid(getgid()); } #endif diff --git a/games/hack/hack.pager.c b/games/hack/hack.pager.c index b1edb9164e8c..1854f2215693 100644 --- a/games/hack/hack.pager.c +++ b/games/hack/hack.pager.c @@ -378,8 +378,9 @@ child(wt) { f = fork(); if(f == 0){ /* child */ settty((char *) 0); /* also calls end_screen() */ - (void) setuid(getuid()); - (void) setgid(getgid()); + /* revoke */ + setegid(getgid()); + setgid(getgid()); #ifdef CHDIR (void) chdir(getenv("HOME")); #endif CHDIR diff --git a/games/hangman/main.c b/games/hangman/main.c index d66b160be1ec..7edc27f11b6b 100644 --- a/games/hangman/main.c +++ b/games/hangman/main.c @@ -50,6 +50,10 @@ main() { void die(); + /* revoke */ + setegid(getgid()); + setgid(getgid()); + initscr(); signal(SIGINT, die); setup(); diff --git a/games/mille/mille.c b/games/mille/mille.c index 3e3c61426ca3..ccde9520a40b 100644 --- a/games/mille/mille.c +++ b/games/mille/mille.c @@ -59,8 +59,9 @@ reg char *av[]; { reg bool restore; - /* run as the user */ - setuid(getuid()); + /* revoke */ + setegid(getgid()); + setgid(getgid()); if (strcmp(av[0], "a.out") == 0) { outf = fopen("q", "w"); diff --git a/games/morse/morse.c b/games/morse/morse.c index a78e29fe313b..a146669cf5c4 100644 --- a/games/morse/morse.c +++ b/games/morse/morse.c @@ -212,6 +212,10 @@ main(int argc, char **argv) register int ch; register char *p; + /* revoke */ + setegid(getgid()); + setgid(getgid()); + while ((ch = getopt(argc, argv, "spw:f:")) != EOF) switch ((char) ch) { case 'f': diff --git a/games/number/number.c b/games/number/number.c index cc7b85d11512..d7c55bff91d0 100644 --- a/games/number/number.c +++ b/games/number/number.c 
@@ -91,6 +91,10 @@ main(argc, argv) int ch, first; char line[256]; + /* revoke */ + setegid(getgid()); + setgid(getgid()); + lflag = 0; while ((ch = getopt(argc, argv, "l")) != EOF) switch (ch) { diff --git a/games/pig/pig.c b/games/pig/pig.c index b2f9112c958b..f62e2cda09e4 100644 --- a/games/pig/pig.c +++ b/games/pig/pig.c @@ -61,6 +61,10 @@ main(argc, argv) int ch; char buf[1024]; + /* revoke */ + setegid(getgid()); + setgid(getgid()); + while ((ch = getopt(argc, argv, "")) != EOF) switch(ch) { case '?': diff --git a/games/pom/pom.c b/games/pom/pom.c index afc57cbcc439..156cd31284e5 100644 --- a/games/pom/pom.c +++ b/games/pom/pom.c @@ -79,6 +79,10 @@ main() double days, today, tomorrow; int cnt; + /* revoke */ + setegid(getgid()); + setgid(getgid()); + (void) time(&tt); GMT = gmtime(&tt); days = (GMT->tm_yday + 1) + ((GMT->tm_hour + diff --git a/games/ppt/ppt.c b/games/ppt/ppt.c index 84fd89a0a3ce..ab0d154977eb 100644 --- a/games/ppt/ppt.c +++ b/games/ppt/ppt.c @@ -52,6 +52,10 @@ main(argc, argv) register int c; register char *p; + /* revoke */ + setegid(getgid()); + setgid(getgid()); + (void) puts("___________"); if (argc > 1) while (p = *++argv) diff --git a/games/primes/primes.c b/games/primes/primes.c index f174e9006f26..1273d524ee6e 100644 --- a/games/primes/primes.c +++ b/games/primes/primes.c @@ -115,6 +115,10 @@ main(argc, argv) int ch; char *p; + /* revoke */ + setegid(getgid()); + setgid(getgid()); + while ((ch = getopt(argc, argv, "")) != EOF) switch (ch) { case '?': diff --git a/games/quiz/quiz.c b/games/quiz/quiz.c index d6291a594dd2..287988c341e1 100644 --- a/games/quiz/quiz.c +++ b/games/quiz/quiz.c @@ -81,6 +81,10 @@ main(argc, argv) register int ch; char *indexfile; + /* revoke */ + setegid(getgid()); + setgid(getgid()); + indexfile = _PATH_QUIZIDX; while ((ch = getopt(argc, argv, "i:t")) != EOF) switch(ch) { diff --git a/games/rain/rain.c b/games/rain/rain.c index c79bb1c66843..077fd88a4798 100644 --- a/games/rain/rain.c 
+++ b/games/rain/rain.c @@ -80,6 +80,10 @@ main(argc, argv) int xpos[5], ypos[5]; static void onsig(); + /* revoke */ + setegid(getgid()); + setgid(getgid()); + if (!(term = getenv("TERM"))) { fprintf(stderr, "%s: TERM: parameter not set\n", *argv); exit(1); diff --git a/games/random/random.c b/games/random/random.c index 076990b38ac5..94c75f716ed7 100644 --- a/games/random/random.c +++ b/games/random/random.c @@ -66,6 +66,10 @@ main(argc, argv) int ch, random_exit, selected, unbuffer_output; char *ep; + /* revoke */ + setegid(getgid()); + setgid(getgid()); + random_exit = unbuffer_output = 0; while ((ch = getopt(argc, argv, "er")) != EOF) switch (ch) { diff --git a/games/robots/main.c b/games/robots/main.c index 9692295d8bcb..00c418700967 100644 --- a/games/robots/main.c +++ b/games/robots/main.c @@ -56,6 +56,10 @@ char **av; extern int Max_per_uid; void quit(); + /* revoke */ + setegid(getgid()); + setgid(getgid()); + show_only = FALSE; if (ac > 1) { bad_arg = FALSE; @@ -64,8 +68,6 @@ char **av; if (isdigit(av[0][0])) Max_per_uid = atoi(av[0]); else { - setuid(getuid()); - setgid(getgid()); Scorefile = av[0]; # ifdef FANCY sp = rindex(Scorefile, '/'); diff --git a/games/snake/snake/snake.c b/games/snake/snake/snake.c index c41ee0503c50..7fdf0db7ec13 100644 --- a/games/snake/snake/snake.c +++ b/games/snake/snake/snake.c @@ -93,6 +93,9 @@ int repeat=1; long tv; char *tn; +int rawscores; +FILE *logfile; + main(argc,argv) int argc; char **argv; @@ -103,6 +106,13 @@ char **argv; long atol(); void stop(); + rawscores = open(_PATH_RAWSCORES, O_RDWR|O_CREAT, 0644); + logfile = fopen(_PATH_LOGFILE, "a"); + + /* revoke privs */ + setegid(getgid()); + setgid(getgid()); + (void)time(&tv); srandom((int)tv); @@ -464,7 +474,6 @@ post(iscore, flag) int iscore, flag; { short score = iscore; - int rawscores; short uid; short oldbest=0; short allbwho=0, allbscore=0; 
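Review bot: main() in games/robots/main.c now gives up the games group as its first statement, where the old code did so only when the player named a score file of their own. If the default score file is opened later in the run (the open is not in this hunk), that open now happens without the group, and score recording would fail on a file that is not world-writable. Opening the score file before the revoke, as this patch does for snake and cfscores, avoids that. games/atc/main.c appears to have the same ordering ahead of `log_score()`.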
@@ -477,7 +486,7 @@ int iscore, flag; pr("No saved scores for uid %d.\n", uid); return(1); } - if ((rawscores = open(_PATH_RAWSCORES, O_RDWR|O_CREAT, 0644)) < 0) { + if (rawscores == -1) { pr("No score file %s: %s.\n", _PATH_RAWSCORES, strerror(errno)); return(1); @@ -880,10 +889,9 @@ int num; logit(msg) char *msg; { - FILE *logfile; long t; - if ((logfile=fopen(_PATH_LOGFILE, "a")) != NULL) { + if (logfile != NULL) { time(&t); fprintf(logfile, "%s $%d %dx%d %s %s", getlogin(), cashvalue, lcnt, ccnt, msg, ctime(&t)); diff --git a/games/snake/snscore/snscore.c b/games/snake/snscore/snscore.c index 1590404b8cb2..a9ee82f546fb 100644 --- a/games/snake/snscore/snscore.c +++ b/games/snake/snscore/snscore.c @@ -68,10 +68,16 @@ main() struct passwd *p; fd = fopen(recfile, "r"); + if (fd == NULL) { perror(recfile); exit(1); } + + /* revoke privs */ + setegid(getgid()); + setgid(getgid()); + printf("Snake players scores to date\n"); fread(&whoallbest, sizeof(short), 1, fd); fread(&allbest, sizeof(short), 1, fd); diff --git a/games/trek/main.c b/games/trek/main.c index ef8a299ed883..f3f31f721fd6 100644 --- a/games/trek/main.c +++ b/games/trek/main.c @@ -161,6 +161,8 @@ char **argv; register char **av; struct sgttyb argp; + setgid(getgid()); + av = argv; ac = argc; av++; diff --git a/games/worm/worm.c b/games/worm/worm.c index 04896830b02f..e66fce8937b5 100644 --- a/games/worm/worm.c +++ b/games/worm/worm.c @@ -85,6 +85,10 @@ main(argc, argv) { char ch; + /* revoke */ + setegid(getgid()); + setgid(getgid()); + if (argc == 2) start_len = atoi(argv[1]); if ((start_len <= 0) || (start_len > 500)) diff --git a/games/worms/worms.c b/games/worms/worms.c index 978a02dd508b..c8b8e5085bfa 100644 --- a/games/worms/worms.c +++ b/games/worms/worms.c @@ -201,6 +201,10 @@ main(argc, argv) struct sgttyb tt; extern short ospeed; + /* revoke */ + setegid(getgid()); + setgid(getgid()); + length = 16; number = 3; trail = ' '; 
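Review bot: In post() (games/snake/snake/snake.c) the failure message still prints `strerror(errno)`, but the open() it describes now runs at the top of main(), so by the time post() is reached errno no longer belongs to that call. Save the value next to the open, e.g. `rawscores_errno = errno;` in main(), and print `strerror(rawscores_errno)` here. post()'s body continues outside the hunk; if it still closes `rawscores` at the end, a second call would use a closed descriptor.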
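Review bot: logit() in games/snake/snake/snake.c now reuses the stream opened once in main(), but the hunk ends right after the fprintf, so whatever follows it in the block is unchanged. If that unchanged tail still calls `fclose(logfile)`, the second logit() call writes to a closed FILE. Replace it with `fflush(logfile);` so each entry reaches the log while the stream stays open for the next one.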
diff --git a/games/wump/wump.c b/games/wump/wump.c index ee53dc90cd15..dec7dfbeefbd 100644 --- a/games/wump/wump.c +++ b/games/wump/wump.c @@ -111,6 +111,10 @@ main(argc, argv) extern char *optarg; int c; + /* revoke */ + setegid(getgid()); + setgid(getgid()); + #ifdef DEBUG while ((c = getopt(argc, argv, "a:b:hp:r:t:d")) != EOF) #else