From: kstailey <kstailey@openbsd.org>
Date: Wed, 5 Feb 1997 18:26:07 +0000 (+0000)
Subject: fix highscore without breaking security
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=5f463f574082733c09e8842a7217a10aabf36737;p=openbsd

fix highscore without breaking security
---

diff --git a/games/robots/Makefile b/games/robots/Makefile
index a2bf82c7d3b..f6baaba9b21 100644
--- a/games/robots/Makefile
+++ b/games/robots/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.3 1996/12/08 15:36:19 downsj Exp $
+#	$OpenBSD: Makefile,v 1.4 1997/02/05 18:26:07 kstailey Exp $
 #	$NetBSD: Makefile,v 1.5 1995/04/22 10:08:46 cgd Exp $
 #	@(#)Makefile	8.1 (Berkeley) 5/31/93
 
@@ -12,7 +12,7 @@ LDADD=	-lcurses -ltermlib
 HIDEGAME=hidegame
 
 beforeinstall:
-	${INSTALL} ${COPY} -o ${BINOWN} -g ${BINGRP} -m 600 /dev/null \
+	${INSTALL} ${COPY} -o ${BINOWN} -g ${BINGRP} -m 664 /dev/null \
 	    ${DESTDIR}/var/games/robots_roll
 
 .include <bsd.prog.mk>
diff --git a/games/robots/main.c b/games/robots/main.c
index 215e962e7b5..bca9bb92cef 100644
--- a/games/robots/main.c
+++ b/games/robots/main.c
@@ -60,8 +60,14 @@ char	**av;
 	register bool	show_only;
 	extern char	*Scorefile;
 	extern int	Max_per_uid;
+	int		score_wfd; /* high score writable file descriptor */
 	void quit();
 
+	if ((score_wfd = open(Scorefile, 2)) < 0) {
+		perror(Scorefile);
+		exit(1);
+	}	
+
 	/* revoke */
 	setegid(getgid());
 	setgid(getgid());
@@ -79,6 +85,15 @@ char	**av;
 					sp = strrchr(Scorefile, '/');
 					if (sp == NULL)
 						sp = Scorefile;
+					close(score_wfd);
+				/* This file is in the current directory  */
+				/* and requires no special privileges: */
+					if ((score_wfd =
+					     open(Scorefile, 2)) < 0) {
+						perror(Scorefile);
+						exit(1);
+					}
+
 					if (strcmp(sp, "pattern_roll") == 0)
 						Pattern_roll = TRUE;
 					else if (strcmp(sp, "stand_still") == 0)
@@ -150,7 +165,7 @@ char	**av;
 		move(My_pos.y, My_pos.x);
 		printw("AARRrrgghhhh....");
 		refresh();
-		score();
+		score(score_wfd);
 	} while (another());
 	quit();
 }
diff --git a/games/robots/score.c b/games/robots/score.c
index d96c8dff50b..e35ec766698 100644
--- a/games/robots/score.c
+++ b/games/robots/score.c
@@ -65,19 +65,16 @@ static SCORE	Top[MAXSCORES];
  *	Post the player's score, if reasonable, and then print out the
  *	top list.
  */
-score()
+score(score_wfd)
+     int score_wfd;
 {
-	register int	inf;
+	register int	inf = score_wfd;
 	register SCORE	*scp;
 	register int	uid;
 	register bool	done_show = FALSE;
 	static int	numscores, max_uid;
 
 	Newscore = FALSE;
-	if ((inf = open(Scorefile, 2)) < 0) {
-		perror(Scorefile);
-		return;
-	}
 
 	if (read(inf, &max_uid, sizeof max_uid) == sizeof max_uid)
 		read(inf, Top, sizeof Top);
@@ -113,7 +110,7 @@ score()
 
 	if (!Newscore) {
 		Full_clear = FALSE;
-		close(inf);
+		fsync(inf);
 		return;
 	}
 	else
@@ -139,7 +136,7 @@ score()
 		write(inf, &max_uid, sizeof max_uid);
 		write(inf, Top, sizeof Top);
 	}
-	close(inf);
+	fsync(inf);
 }
 
 set_name(scp)