Date: Mon, 1 Sep 1997 20:43:58 +0200 (MET DST) From: Eivind Eklund <perhaps@yes.no> To: =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= <ache@nagual.pp.ru> Cc: current@FreeBSD.ORG Subject: Re: games uid->gid does too much damage! Who ever got this idea and why? Message-ID: <199709011843.UAA18450@bitbox.follo.net> In-Reply-To: =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?='s message of Mon, 1 Sep 1997 16:31:04 %2B0400 (MSD) References: <Pine.BSF.3.96.970901162259.5706A-100000@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Since you're asking questions in the subject: I got this idea a long time ago, and found that OpenBSD had already done it. I merged and verified that at least Guido and Warner (security officers) considered it The Right Thing, and then committed. > > Well, I remove all revoke mess for games which ever aren't sguid, Sorry about spurious revokes - I assumed that they were in OpenBSD for a reason. > but rest of the games (which are sguid under HIDEGAME) is seriously > broken now too, consider following example from snake.c: > > rawscores = open(_PATH_RAWSCORES, O_RDWR|O_CREAT, 0644); > logfile = fopen(_PATH_LOGFILE, "a"); > > /* revoke privs */ > setegid(getgid()); > setgid(getgid()); > > This files created after first run: > > -rw-r--r-- ache games snakerawscores > -rw-rw-r-- ache games snake.log > > It means that any user which run 'snake' first time can damage (overwrite) > scores and log file. Similar thing for other games too. We might want to make /var/games 0770 instead of 0775; this should solve this problem. > I suggest to back out recent games uid->gid completely and remove revike > mess too. I suggest you calm down and check whether things happen for a reason. This is to avoid security errors in games compromising other accounts. And it would be courteous to check with the person responsible before flaming in public; I'm not that hard to get hold of. Eivind.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199709011843.UAA18450>