From owner-freebsd-current Mon Sep 1 11:44:12 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id LAA14560 for current-outgoing; Mon, 1 Sep 1997 11:44:12 -0700 (PDT)
Received: from bitbox.follo.net (bitbox.follo.net [194.198.43.36]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id LAA14551 for ; Mon, 1 Sep 1997 11:44:06 -0700 (PDT)
Received: (from eivind@localhost) by bitbox.follo.net (8.8.6/8.8.6) id UAA18450; Mon, 1 Sep 1997 20:43:58 +0200 (MET DST)
Date: Mon, 1 Sep 1997 20:43:58 +0200 (MET DST)
Message-Id: <199709011843.UAA18450@bitbox.follo.net>
From: Eivind Eklund
To: Андрей Чернов
CC: current@FreeBSD.ORG
In-reply-to: Андрей Чернов's message of Mon, 1 Sep 1997 16:31:04 +0400 (MSD)
Subject: Re: games uid->gid does too much damage! Who ever got this idea and why?
References:
Sender: owner-freebsd-current@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Since you're asking questions in the subject: I got this idea a long
time ago, and found that OpenBSD had already done it. I merged and
verified that at least Guido and Warner (security officers) considered
it The Right Thing, and then committed.

>
> Well, I remove all revoke mess for games which ever aren't sguid,

Sorry about spurious revokes - I assumed that they were in OpenBSD for
a reason.

> but rest of the games (which are sguid under HIDEGAME) is seriously
> broken now too, consider following example from snake.c:
>
>         rawscores = open(_PATH_RAWSCORES, O_RDWR|O_CREAT, 0644);
>         logfile = fopen(_PATH_LOGFILE, "a");
>
>         /* revoke privs */
>         setegid(getgid());
>         setgid(getgid());
>
> This files created after first run:
>
> -rw-r--r--  ache games snakerawscores
> -rw-rw-r--  ache games snake.log
>
> It means that any user which run 'snake' first time can damage (overwrite)
> scores and log file. Similar thing for other games too.

We might want to make /var/games 0770 instead of 0775; this should
solve this problem.

> I suggest to back out recent games uid->gid completely and remove revoke
> mess too.

I suggest you calm down and check whether things happen for a reason.
This is to avoid security errors in games compromising other accounts.

And it would be courteous to check with the person responsible before
flaming in public; I'm not that hard to get hold of.

Eivind.
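
An added example, not part of the original message or of the FreeBSD sources: an audit of the ownership and mode conditions discussed in this exchange, applied to the two file listings quoted above and to the 0775 versus 0770 directory modes. The uid and gid numbers, the choice of root as the trusted owner, and the function names are assumptions made for the illustration.

```c
/* Added example: ownership/mode audit for score files of a setgid-games
 * binary. All uids, gids and the trusted owner are constructed values. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

enum {
    OWNER_UNTRUSTED    = 1, /* owner can rewrite or chmod the file at will */
    NOT_GAMES_GROUP    = 2, /* setgid-games binary gets no group access */
    GROUP_CANNOT_WRITE = 4, /* games group cannot update the scores */
    WORLD_WRITABLE     = 8  /* anyone can write, no privilege needed */
};

/* Return a bitmask of findings for one file's stat fields. */
int audit_score_file(uid_t uid, gid_t gid, mode_t mode,
                     uid_t trusted_uid, gid_t games_gid)
{
    int findings = 0;
    if (uid != trusted_uid)
        findings |= OWNER_UNTRUSTED;
    if (gid != games_gid)
        findings |= NOT_GAMES_GROUP;
    else if (!(mode & S_IWGRP))
        findings |= GROUP_CANNOT_WRITE;
    if (mode & S_IWOTH)
        findings |= WORLD_WRITABLE;
    return findings;
}

/* 1 if accounts outside owner and group can traverse the directory,
 * i.e. reach files in it by path after the game has dropped its gid. */
int dir_searchable_by_others(mode_t dir_mode)
{
    return (dir_mode & S_IXOTH) != 0;
}

int main(void)
{
    const uid_t root = 0, user = 1001; /* constructed ids */
    const gid_t games = 13;            /* constructed gid */
    printf("snakerawscores 0644 user:games -> %d\n",
           audit_score_file(user, games, 0644, root, games));
    printf("snake.log      0664 user:games -> %d\n",
           audit_score_file(user, games, 0664, root, games));
    printf("pre-created    0664 root:games -> %d\n",
           audit_score_file(root, games, 0664, root, games));
    printf("/var/games 0775 reachable: %d, 0770 reachable: %d\n",
           dir_searchable_by_others(0775), dir_searchable_by_others(0770));
    return 0;
}
```

Both quoted files are flagged because they belong to the first user who ran the game; a score file created in advance with a trusted owner and group write for games produces no finding.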