tAuto-convert 0-byte high score files; drop privileges before reading config. files and command line options, thereby refusing to open anything other than the hard-coded default high score file with privileges. - vaccinewars - be a doctor and try to vaccinate the world
(HTM) git clone git://src.adamsgaard.dk/vaccinewars
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
(DIR) LICENSE
---
(DIR) commit c80f9cd8b5abbab84e4b9f4c0323bbb3a65cce61
(DIR) parent e3f29d28322988a32df6d172274add4f6414f239
(HTM) Author: Ben Webb <ben@salilab.org>
Date: Mon, 24 Jun 2002 11:28:59 +0000
Auto-convert 0-byte high score files; drop privileges before reading config.
files and command line options, thereby refusing to open anything other than
tthe hard-coded default high score file with privileges.
Diffstat:
M ChangeLog | 5 +++++
M Makefile.am | 1 -
M doc/commandline.html | 6 ++++--
M doc/configfile.html | 5 ++++-
M src/dopewars.c | 21 +++++++++++++++++----
M src/serverside.c | 34 +++++++++++++++++++------------
6 files changed, 51 insertions(+), 21 deletions(-)
---
(DIR) diff --git a/ChangeLog b/ChangeLog
t@@ -12,6 +12,11 @@ cvs
- configure should now work properly if GLib 2.0 is installed but
GTK2.0 is not
- Norwegian Nynorsk translation added by Åsmund
+ - If dopewars is run setuid/setgid, it will now only use this privilege
+ to open the default (hard-coded) high score file; it will not open
+ a user-specified high score file with privilege
+ - It is no longer necessary to run "dopewars -C" on a zero-byte high
+ score file; it will be converted automatically
1.5.6 29-04-2002
- Bug fix: the server will only let you pay back loans or deal with the
(DIR) diff --git a/Makefile.am b/Makefile.am
t@@ -17,6 +17,5 @@ install-data-local:
@chgrp games ${SCORE} || chgrp wheel ${SCORE} || \
echo "Unable to change group ownership of the high score file"
chmod 0660 ${SCORE}
- src/dopewars -C ${SCORE}
${mkinstalldirs} ${DESKTOPDIR}
${INSTALL} -m 0644 ${srcdir}/${DESKTOP} ${DESKTOPDIR}
(DIR) diff --git a/doc/commandline.html b/doc/commandline.html
t@@ -55,7 +55,9 @@ mode also.</dd>
<dd>Specifies the path and name of the file used to store the dopewars
high scores in; this can alternatively be specified in the configuration file
with the <a href="configfile.html#HiScoreFile">HiScoreFile=<i>file</i></a>
-option.</dd>
+option. (N.B. This option cannot be used to get dopewars to open a high
+score file with privilege when running setuid/setgid; all privileges are
+dropped by this point for security.)</dd>
<dt><a name="server"><b>-o <i>addr</i></b>, <b>--hostname=<i>addr</i></b>
</a></dt>
t@@ -159,6 +161,6 @@ contact details.</dd>
<ul>
<li><a href="index.html">Main index</a></li>
</ul>
-<p>Last update: <b>04-02-2002</b></p>
+<p>Last update: <b>23-06-2002</b></p>
</body>
</html>
(DIR) diff --git a/doc/configfile.html b/doc/configfile.html
t@@ -145,7 +145,10 @@ the user for a username and password on each connect instead.)</dd>
<dd>Tells the dopewars server (or the client, if running in single-player
mode, not connected to a server) to use the file <i>/var/lib/dopewars.sco</i>
to store high scores. This can be overridden with the -f
-<a href="commandline.html#hiscore">command line option</a>.</dd>
+<a href="commandline.html#hiscore">command line option</a>.
+(N.B. This option cannot be used to get dopewars to open a high
+score file with privilege when running setuid/setgid; all privileges are
+dropped by this point for security.)</dd>
<dt><b>MinToSysTray=<i>TRUE</i></b></dt>
<dd>Rather than behaving as a normal window, the dopewars server window adds
(DIR) diff --git a/src/dopewars.c b/src/dopewars.c
t@@ -2415,10 +2415,8 @@ void SetupParameters(void)
Currency.Prefix = TRUE;
/* Set hard-coded default values */
- g_free(HiScoreFile);
g_free(ServerName);
g_free(ServerMOTD);
- HiScoreFile = g_strdup_printf("%s/dopewars.sco", DATADIR);
ServerName = g_strdup("localhost");
ServerMOTD = g_strdup("");
g_free(WebBrowser);
t@@ -2693,15 +2691,30 @@ void HandleCmdLine(int argc, char *argv[])
*/
void GeneralStartup(int argc, char *argv[])
{
+ gchar *priv_hiscore;
+
+ /* First, open the hard-coded high score file with possibly
+ * elevated privileges */
+ priv_hiscore = g_strdup_printf("%s/dopewars.sco", DATADIR);
+ HiScoreFile = g_strdup(priv_hiscore);
+ OpenHighScoreFile();
+ DropPrivileges();
+
ConfigErrors = 0;
SetupParameters();
HandleCmdLine(argc, argv);
if (!WantVersion && !WantHelp && !AIPlayer && !WantConvert && !WantAdmin) {
- OpenHighScoreFile();
+ /* Open a user-specified high score file with no privileges, if one
+ * was given */
+ if (strcmp(priv_hiscore, HiScoreFile) != 0) {
+ CloseHighScoreFile();
+ OpenHighScoreFile();
+ }
} else {
- DropPrivileges();
+ CloseHighScoreFile();
}
+ g_free(priv_hiscore);
}
/*
(DIR) diff --git a/src/serverside.c b/src/serverside.c
t@@ -1780,8 +1780,10 @@ void HighScoreTypeWrite(struct HISCORE *HiScore, FILE *fp)
*/
void CloseHighScoreFile()
{
- if (ScoreFP)
+ if (ScoreFP) {
fclose(ScoreFP);
+ }
+ ScoreFP = NULL;
}
/*
t@@ -1847,9 +1849,6 @@ void ConvertHighScoreFile(void)
gchar *OldError = NULL, *BackupError = NULL;
struct HISCORE MultiScore[NUMHISCORE], AntiqueScore[NUMHISCORE];
- /* The user running dopewars must be allowed to mess with the score file */
- DropPrivileges();
-
BackupFile = g_strdup_printf("%s.bak", ConvertFile);
old = fopen(ConvertFile, "r+");
t@@ -1922,7 +1921,7 @@ void ConvertHighScoreFile(void)
/* State, set by OpenHighScoreFile, and later used by
* CheckHighScoreFileConfig */
-static gboolean NewFile;
+static gboolean EmptyFile;
static int OpenError;
/*
t@@ -1930,22 +1929,31 @@ static int OpenError;
*/
void OpenHighScoreFile(void)
{
- NewFile = FALSE;
- OpenError = 0;
-
- if (ScoreFP)
+ if (ScoreFP) {
return; /* If already opened, then we're done */
+ }
+
+ EmptyFile = FALSE;
+ OpenError = 0;
/* Win32 gets upset if we use "a+" so we use this nasty hack instead */
ScoreFP = fopen(HiScoreFile, "r+");
if (!ScoreFP) {
ScoreFP = fopen(HiScoreFile, "w+");
- if (!ScoreFP)
+ if (!ScoreFP) {
OpenError = errno;
- NewFile = TRUE;
+ }
+ EmptyFile = TRUE;
}
- DropPrivileges();
+ /* Check for a 0-byte score file */
+ if (ScoreFP && !EmptyFile) {
+ rewind(ScoreFP);
+ if (fgetc(ScoreFP) == EOF) {
+ EmptyFile = TRUE;
+ }
+ rewind(ScoreFP);
+ }
}
/*
t@@ -1968,7 +1976,7 @@ gboolean CheckHighScoreFileConfig(void)
return FALSE;
}
- if (NewFile) {
+ if (EmptyFile) {
HighScoreWriteHeader(ScoreFP);
fflush(ScoreFP);
} else if (!HighScoreReadHeader(ScoreFP, NULL)) {