Subject: CVS commit: basesrc
To: None <source-changes@netbsd.org>
From: Joseph Myers <jsm@netbsd.org>
List: source-changes
Date: 09/12/1999 02:02:25
Module Name:	basesrc
Committed By:	jsm
Date:		Sun Sep 12 09:02:24 UTC 1999

Modified Files:
	basesrc/games/canfield/canfield: canfield.c
	basesrc/games/canfield/cfscores: cfscores.c
	basesrc/games/cribbage: crib.c
	basesrc/games/fish: fish.c
	basesrc/games/gomoku: main.c
	basesrc/games/hangman: main.c
	basesrc/games/mille: mille.c
	basesrc/games/monop: monop.c
	basesrc/games/morse: morse.c
	basesrc/games/ppt: ppt.c
	basesrc/games/quiz: quiz.c
	basesrc/games/robots: main.c robots.h score.c
	basesrc/games/rogue: init.c machdep.c rogue.h score.c
	basesrc/games/snake/snake: snake.c
	basesrc/games/snake/snscore: snscore.c
	basesrc/games/tetris: scores.c tetris.c tetris.h
	basesrc/games/trek: main.c
	basesrc/games/worm: worm.c
	basesrc/games/wump: wump.c

Log Message:
Security improvements for games (largely from or inspired by OpenBSD).

Games which run setgid from dm, but don't need to, should drop their
privileges at startup.

Games which have a scorefile should open it at startup, then drop all
privileges leaving just the open writable file descriptor.  If the
game can invoke subprocesses, this should be made close-on-exec.

Games with scorefiles should make sure they do not get a file
descriptor < 3.  (Otherwise, they could get confused and corrupt the
scorefile when using stdin, stdout or stderr.)

Some old setuid revokes from the days of setuid games change into gid
revokes.


To generate a diff of this commit:
cvs rdiff -r1.14 -r1.15 basesrc/games/canfield/canfield/canfield.c
cvs rdiff -r1.7 -r1.8 basesrc/games/canfield/cfscores/cfscores.c
cvs rdiff -r1.11 -r1.12 basesrc/games/cribbage/crib.c
cvs rdiff -r1.9 -r1.10 basesrc/games/fish/fish.c
cvs rdiff -r1.7 -r1.8 basesrc/games/gomoku/main.c
cvs rdiff -r1.6 -r1.7 basesrc/games/hangman/main.c
cvs rdiff -r1.8 -r1.9 basesrc/games/mille/mille.c
cvs rdiff -r1.8 -r1.9 basesrc/games/monop/monop.c
cvs rdiff -r1.7 -r1.8 basesrc/games/morse/morse.c
cvs rdiff -r1.5 -r1.6 basesrc/games/ppt/ppt.c
cvs rdiff -r1.14 -r1.15 basesrc/games/quiz/quiz.c
cvs rdiff -r1.10 -r1.11 basesrc/games/robots/main.c
cvs rdiff -r1.11 -r1.12 basesrc/games/robots/robots.h
cvs rdiff -r1.9 -r1.10 basesrc/games/robots/score.c
cvs rdiff -r1.9 -r1.10 basesrc/games/rogue/init.c \
    basesrc/games/rogue/machdep.c basesrc/games/rogue/rogue.h
cvs rdiff -r1.7 -r1.8 basesrc/games/rogue/score.c
cvs rdiff -r1.12 -r1.13 basesrc/games/snake/snake/snake.c
cvs rdiff -r1.10 -r1.11 basesrc/games/snake/snscore/snscore.c
cvs rdiff -r1.5 -r1.6 basesrc/games/tetris/scores.c
cvs rdiff -r1.11 -r1.12 basesrc/games/tetris/tetris.c
cvs rdiff -r1.6 -r1.7 basesrc/games/tetris/tetris.h
cvs rdiff -r1.6 -r1.7 basesrc/games/trek/main.c
cvs rdiff -r1.15 -r1.16 basesrc/games/worm/worm.c
cvs rdiff -r1.11 -r1.12 basesrc/games/wump/wump.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.