Date: Mon, 1 Sep 1997 16:31:04 +0400 (MSD) From: =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= <ache@nagual.pp.ru> To: FreeBSD-current <current@freebsd.org> Subject: games uid->gid does too much damage! Who ever got this idea and why? Message-ID: <Pine.BSF.3.96.970901162259.5706A-100000@nagual.pp.ru>
next in thread | raw e-mail | index | archive | help
Well, I remove all revoke mess for games which ever aren't sguid, but rest of the games (which are sguid under HIDEGAME) is seriously broken now too, consider following example from snake.c: rawscores = open(_PATH_RAWSCORES, O_RDWR|O_CREAT, 0644); logfile = fopen(_PATH_LOGFILE, "a"); /* revoke privs */ setegid(getgid()); setgid(getgid()); This files created after first run: -rw-r--r-- ache games snakerawscores -rw-rw-r-- ache games snake.log It means that any user which run 'snake' first time can damage (overwrite) scores and log file. Similar thing for other games too. I suggest to back out recent games uid->gid completely and remove revike mess too. -- Andrey A. Chernov <ache@null.net> http://www.nagual.pp.ru/~ache/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.970901162259.5706A-100000>