tAuto-convert 0-byte high score files; drop privileges before reading config. f… | |
git clone git://src.adamsgaard.dk/vaccinewars | |
Log | |
Files | |
Refs | |
README | |
LICENSE | |
--- | |
commit c80f9cd8b5abbab84e4b9f4c0323bbb3a65cce61 | |
parent e3f29d28322988a32df6d172274add4f6414f239 | |
Author: Ben Webb <[email protected]> | |
Date: Mon, 24 Jun 2002 11:28:59 +0000 | |
Auto-convert 0-byte high score files; drop privileges before reading config. | |
files and command line options, thereby refusing to open anything other than | |
tthe hard-coded default high score file with privileges. | |
Diffstat: | |
M ChangeLog | 5 +++++ | |
M Makefile.am | 1 - | |
M doc/commandline.html | 6 ++++-- | |
M doc/configfile.html | 5 ++++- | |
M src/dopewars.c | 21 +++++++++++++++++---- | |
M src/serverside.c | 34 +++++++++++++++++++----------… | |
6 files changed, 51 insertions(+), 21 deletions(-) | |
--- | |
diff --git a/ChangeLog b/ChangeLog | |
t@@ -12,6 +12,11 @@ cvs | |
- configure should now work properly if GLib 2.0 is installed but | |
GTK2.0 is not | |
- Norwegian Nynorsk translation added by �smund | |
+ - If dopewars is run setuid/setgid, it will now only use this privilege | |
+ to open the default (hard-coded) high score file; it will not open | |
+ a user-specified high score file with privilege | |
+ - It is no longer necessary to run "dopewars -C" on a zero-byte high | |
+ score file; it will be converted automatically | |
1.5.6 29-04-2002 | |
- Bug fix: the server will only let you pay back loans or deal with the | |
diff --git a/Makefile.am b/Makefile.am | |
t@@ -17,6 +17,5 @@ install-data-local: | |
@chgrp games ${SCORE} || chgrp wheel ${SCORE} || \ | |
echo "Unable to change group ownership of the high score file" | |
chmod 0660 ${SCORE} | |
- src/dopewars -C ${SCORE} | |
${mkinstalldirs} ${DESKTOPDIR} | |
${INSTALL} -m 0644 ${srcdir}/${DESKTOP} ${DESKTOPDIR} | |
diff --git a/doc/commandline.html b/doc/commandline.html | |
t@@ -55,7 +55,9 @@ mode also.</dd> | |
<dd>Specifies the path and name of the file used to store the dopewars | |
high scores in; this can alternatively be specified in the configuration file | |
with the <a href="configfile.html#HiScoreFile">HiScoreFile=<i>file</i></a> | |
-option.</dd> | |
+option. (N.B. This option cannot be used to get dopewars to open a high | |
+score file with privilege when running setuid/setgid; all privileges are | |
+dropped by this point for security.)</dd> | |
<dt><a name="server"><b>-o <i>addr</i></b>, <b>--hostname=<i>addr</i></b> | |
</a></dt> | |
t@@ -159,6 +161,6 @@ contact details.</dd> | |
<ul> | |
<li><a href="index.html">Main index</a></li> | |
</ul> | |
-<p>Last update: <b>04-02-2002</b></p> | |
+<p>Last update: <b>23-06-2002</b></p> | |
</body> | |
</html> | |
diff --git a/doc/configfile.html b/doc/configfile.html | |
t@@ -145,7 +145,10 @@ the user for a username and password on each connect inst… | |
<dd>Tells the dopewars server (or the client, if running in single-player | |
mode, not connected to a server) to use the file <i>/var/lib/dopewars.sco</i> | |
to store high scores. This can be overridden with the -f | |
-<a href="commandline.html#hiscore">command line option</a>.</dd> | |
+<a href="commandline.html#hiscore">command line option</a>. | |
+(N.B. This option cannot be used to get dopewars to open a high | |
+score file with privilege when running setuid/setgid; all privileges are | |
+dropped by this point for security.)</dd> | |
<dt><b>MinToSysTray=<i>TRUE</i></b></dt> | |
<dd>Rather than behaving as a normal window, the dopewars server window adds | |
diff --git a/src/dopewars.c b/src/dopewars.c | |
t@@ -2415,10 +2415,8 @@ void SetupParameters(void) | |
Currency.Prefix = TRUE; | |
/* Set hard-coded default values */ | |
- g_free(HiScoreFile); | |
g_free(ServerName); | |
g_free(ServerMOTD); | |
- HiScoreFile = g_strdup_printf("%s/dopewars.sco", DATADIR); | |
ServerName = g_strdup("localhost"); | |
ServerMOTD = g_strdup(""); | |
g_free(WebBrowser); | |
t@@ -2693,15 +2691,30 @@ void HandleCmdLine(int argc, char *argv[]) | |
*/ | |
void GeneralStartup(int argc, char *argv[]) | |
{ | |
+ gchar *priv_hiscore; | |
+ | |
+ /* First, open the hard-coded high score file with possibly | |
+ * elevated privileges */ | |
+ priv_hiscore = g_strdup_printf("%s/dopewars.sco", DATADIR); | |
+ HiScoreFile = g_strdup(priv_hiscore); | |
+ OpenHighScoreFile(); | |
+ DropPrivileges(); | |
+ | |
ConfigErrors = 0; | |
SetupParameters(); | |
HandleCmdLine(argc, argv); | |
if (!WantVersion && !WantHelp && !AIPlayer && !WantConvert && !WantAdmin) { | |
- OpenHighScoreFile(); | |
+ /* Open a user-specified high score file with no privileges, if one | |
+ * was given */ | |
+ if (strcmp(priv_hiscore, HiScoreFile) != 0) { | |
+ CloseHighScoreFile(); | |
+ OpenHighScoreFile(); | |
+ } | |
} else { | |
- DropPrivileges(); | |
+ CloseHighScoreFile(); | |
} | |
+ g_free(priv_hiscore); | |
} | |
/* | |
diff --git a/src/serverside.c b/src/serverside.c | |
t@@ -1780,8 +1780,10 @@ void HighScoreTypeWrite(struct HISCORE *HiScore, FILE *… | |
*/ | |
void CloseHighScoreFile() | |
{ | |
- if (ScoreFP) | |
+ if (ScoreFP) { | |
fclose(ScoreFP); | |
+ } | |
+ ScoreFP = NULL; | |
} | |
/* | |
t@@ -1847,9 +1849,6 @@ void ConvertHighScoreFile(void) | |
gchar *OldError = NULL, *BackupError = NULL; | |
struct HISCORE MultiScore[NUMHISCORE], AntiqueScore[NUMHISCORE]; | |
- /* The user running dopewars must be allowed to mess with the score file */ | |
- DropPrivileges(); | |
- | |
BackupFile = g_strdup_printf("%s.bak", ConvertFile); | |
old = fopen(ConvertFile, "r+"); | |
t@@ -1922,7 +1921,7 @@ void ConvertHighScoreFile(void) | |
/* State, set by OpenHighScoreFile, and later used by | |
* CheckHighScoreFileConfig */ | |
-static gboolean NewFile; | |
+static gboolean EmptyFile; | |
static int OpenError; | |
/* | |
t@@ -1930,22 +1929,31 @@ static int OpenError; | |
*/ | |
void OpenHighScoreFile(void) | |
{ | |
- NewFile = FALSE; | |
- OpenError = 0; | |
- | |
- if (ScoreFP) | |
+ if (ScoreFP) { | |
return; /* If already opened, then we're done */ | |
+ } | |
+ | |
+ EmptyFile = FALSE; | |
+ OpenError = 0; | |
/* Win32 gets upset if we use "a+" so we use this nasty hack instead */ | |
ScoreFP = fopen(HiScoreFile, "r+"); | |
if (!ScoreFP) { | |
ScoreFP = fopen(HiScoreFile, "w+"); | |
- if (!ScoreFP) | |
+ if (!ScoreFP) { | |
OpenError = errno; | |
- NewFile = TRUE; | |
+ } | |
+ EmptyFile = TRUE; | |
} | |
- DropPrivileges(); | |
+ /* Check for a 0-byte score file */ | |
+ if (ScoreFP && !EmptyFile) { | |
+ rewind(ScoreFP); | |
+ if (fgetc(ScoreFP) == EOF) { | |
+ EmptyFile = TRUE; | |
+ } | |
+ rewind(ScoreFP); | |
+ } | |
} | |
/* | |
t@@ -1968,7 +1976,7 @@ gboolean CheckHighScoreFileConfig(void) | |
return FALSE; | |
} | |
- if (NewFile) { | |
+ if (EmptyFile) { | |
HighScoreWriteHeader(ScoreFP); | |
fflush(ScoreFP); | |
} else if (!HighScoreReadHeader(ScoreFP, NULL)) { |