>Number:         2699
>Category:       bin
>Synopsis:       larn can't create log file
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Aug 14 19:35:01 1996
>Last-Modified:
>Originator:     Kenneth Stailey
>Organization:
DOL/ESA/DASM
>Release:        1.2_BETA
>Environment:
	
System: NetBSD owl 1.2_BETA NetBSD 1.2_BETA (OWL) #1: Mon Aug 12 15:23:30 EDT 1996 kstailey@owl:/usr/src/sys/arch/i386/compile/OWL i386


>Description:
larn relinquishes setuid games and then tries to create a file in a games owned
directory.
>How-To-Repeat:
Play larn, but not as root.  Win some points before you die.  See error
message upon death.
>Fix:
A curly brace in the code is indented wrong.  Perhaps that's why somebody
failed to position the seteuid(euid) call correctly (i.e. before the lcreat()
not after.)

--- scores.c.DIST	Tue May 28 07:16:28 1996
+++ scores.c	Wed Aug 14 17:28:07 1996
@@ -518,13 +518,13 @@
 #ifndef NOLOG
 		if (lappend(logfile)<0)  /* append to file */
 			{
+			seteuid(euid);
 			if (lcreat(logfile)<0) /* and can't create new log file */
-		    	{
+		    		{
 				lcreat((char*)0);
 				lprcat("\nCan't open record file:  I can't post your score.\n");
 				sncbr();  resetscroll();  lflush();  exit();
 				}
-			seteuid(euid);
 			chmod(logfile,0660);
 			seteuid(uid);
 			}



Also io.c does not print the reason the file failed to save.  Here's some more
diagnositics for it.


--- io.c.DIST	Wed Aug 14 15:14:49 1996
+++ io.c	Wed Aug 14 15:17:58 1996
@@ -454,11 +454,13 @@
 lcreat(str)
 	char *str;
 	{
+	extern int errno;
 	lpnt = lpbuf;	lpend = lpbuf+BUFBIG;
 	if (str==NULL) return(lfd=1);
 	if ((lfd=creat(str,0644)) < 0) 
 		{
-		lfd=1; lprintf("error creating file <%s>\n",str); lflush(); return(-1);
+		lfd=1; lprintf("error (%s) creating file <%s>\n",
+			       strerror(errno), str); lflush(); return(-1);
 		}
 	return(lfd);
 	}

>Audit-Trail:
>Unformatted: