From abe029ba749cb7e48c3e7972b29acbe5d9dd099b Mon Sep 17 00:00:00 2001
From: Ying-Chieh Liao
Date: Thu, 27 Dec 2001 11:30:09 +0000
Subject: fix suid issue
PR: 32872
Submitted by: maintainer
Reported by: andreas
---
 .../files/patch-sys::unix::Makefile.top | 55 ++++++++++++++++++++--
 games/nethack34-gnome/pkg-plist | 7 ++-
 2 files changed, 57 insertions(+), 5 deletions(-)
(limited to 'games/nethack34-gnome')
diff --git a/games/nethack34-gnome/files/patch-sys::unix::Makefile.top b/games/nethack34-gnome/files/patch-sys::unix::Makefile.top
index 3e0433d9f23b..573201864474 100644
--- a/games/nethack34-gnome/files/patch-sys::unix::Makefile.top
+++ b/games/nethack34-gnome/files/patch-sys::unix::Makefile.top
@@ -1,5 +1,5 @@
 *** sys/unix/Makefile.top.orig Tue Jul 4 02:42:05 2000
---- sys/unix/Makefile.top Sat Dec 9 13:08:51 2000
+--- sys/unix/Makefile.top Wed Dec 26 13:46:52 2001
 ***************
 *** 14,31 ****
 # MAKE = make
@@ -15,7 +15,7 @@
 # See also the option "SECURE" in include/config.h
 ! GAMEPERM = 04755
 ! FILEPERM = 0644
- EXEPERM = 0755
+! EXEPERM = 0755
 ! DIRPERM = 0755
 # GAMEDIR also appears in config.h as "HACKDIR".
@@ -31,9 +31,9 @@
 # Permissions - some places use setgid instead of setuid, for instance
 # See also the option "SECURE" in include/config.h
-! GAMEPERM = 02755
+! GAMEPERM = 0755
 ! FILEPERM = 0664
- EXEPERM = 0755
+! EXEPERM = 02755
 ! DIRPERM = 0775
 # GAMEDIR also appears in config.h as "HACKDIR".
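Review bot: In the `@@ -31,9 +31,9 @@` hunk the setgid bit moves from `GAMEPERM` to the generic `EXEPERM` (`! EXEPERM = 02755`), so every file the Makefile chmods with `$(EXEPERM)` becomes setgid, not only the new wrapper. In this patch only `$(SHELLDIR)/$(GAME)` is visibly given that mode; any install rule outside these hunks that also uses `EXEPERM` would silently gain the bit, which should be checked against the full Makefile.top. A dedicated variable for the wrapper, for example `WRAPPERPERM = 02755` with `EXEPERM` left at `0755`, would keep the privileged mode on exactly one file.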
@@ -76,3 +76,50 @@
 VARDATD = data oracles options quest.dat rumors
 VARDAT = $(VARDATD) $(VARDATND)
+***************
+*** 170,182 ****
+ sed -e 's;/usr/games/lib/nethackdir;$(GAMEDIR);' \
+ -e 's;HACKDIR/nethack;HACKDIR/$(GAME);' \
+ < sys/unix/nethack.sh \
+! > $(SHELLDIR)/$(GAME)
+ # set up their permissions
+ -( cd $(GAMEDIR) ; $(CHOWN) $(GAMEUID) $(GAME) ; \
+ $(CHGRP) $(GAMEGRP) $(GAME) )
+ chmod $(GAMEPERM) $(GAMEDIR)/$(GAME)
+ -$(CHOWN) $(GAMEUID) $(SHELLDIR)/$(GAME)
+ $(CHGRP) $(GAMEGRP) $(SHELLDIR)/$(GAME)
+ chmod $(EXEPERM) $(SHELLDIR)/$(GAME)
+
+ dofiles-dlb: check-dlb
+--- 169,189 ----
+ sed -e 's;/usr/games/lib/nethackdir;$(GAMEDIR);' \
+ -e 's;HACKDIR/nethack;HACKDIR/$(GAME);' \
+ < sys/unix/nethack.sh \
+! > $(GAMEDIR)/$(GAME)-start.sh
+! @echo "#include " > nethack-wrapper.c
+! @echo "int main(int argc, char *argv[]) {" >> nethack-wrapper.c
+! @echo " execv(\"$(GAMEDIR)/$(GAME)-start.sh\", argv);}" >> nethack-wrapper.c
+! $(CC) $(CFLAGS) -o nethack-wrapper nethack-wrapper.c
+! cp nethack-wrapper $(SHELLDIR)/$(GAME)
+ # set up their permissions
+ -( cd $(GAMEDIR) ; $(CHOWN) $(GAMEUID) $(GAME) ; \
+ $(CHGRP) $(GAMEGRP) $(GAME) )
+ chmod $(GAMEPERM) $(GAMEDIR)/$(GAME)
+ -$(CHOWN) $(GAMEUID) $(SHELLDIR)/$(GAME)
+ $(CHGRP) $(GAMEGRP) $(SHELLDIR)/$(GAME)
++ chmod $(GAMEPERM) $(GAMEDIR)/$(GAME)-start.sh
++ -$(CHOWN) $(GAMEUID) $(GAMEDIR)/$(GAME)-start.sh
++ $(CHGRP) $(GAMEGRP) $(GAMEDIR)/$(GAME)-start.sh
+ chmod $(EXEPERM) $(SHELLDIR)/$(GAME)
+
+ dofiles-dlb: check-dlb
+***************
+*** 236,241 ****
+--- 243,249 ----
+ clean:
+ ( cd src ; $(MAKE) clean )
+ ( cd util ; $(MAKE) clean )
++ rm -f nethack-wrapper.c nethack-wrapper
+
+ # 'make spotless' returns the source tree to near-distribution condition.
+ # it removes .o files, executables, and compiled data files
diff --git a/games/nethack34-gnome/pkg-plist b/games/nethack34-gnome/pkg-plist
index 857645278f3d..5d57f2a6dcc1 100644
--- a/games/nethack34-gnome/pkg-plist
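Review bot: The wrapper generated in the `--- 169,189 ----` section is installed as `$(SHELLDIR)/$(GAME)` with `$(EXEPERM)` (now 02755) and does nothing but `execv()` a shell script, so the caller's environment is handed unchanged to a shell running with the games group. A set-id entry point normally resets `PATH` and drops the variables the shell or the script interprets before the exec; the contents of `nethack.sh` are not shown here, so which variables matter has to be checked there. The wrapper also falls off the end of `main` when `execv()` fails; adding `perror("execv"); return 1;` after the call would report the failure and exit non-zero. The `dofiles` rule these lines belong to starts above the quoted context.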
+++ b/games/nethack34-gnome/pkg-plist
@@ -1,8 +1,13 @@
 bin/nethack
+@exec chmod 2755 %D/bin/nethack
+@exec chown games:games %D/bin/nethack
 share/nethack/nethack
+share/nethack/nethack-start.sh
+@exec mkdir %D/share/nethack/save
 @exec mkdir %D/share/nethack/save
 @exec chmod -R 775 %D/share/nethack
-@exec chmod 2755 %D/share/nethack/nethack
+@exec chmod 755 %D/share/nethack/nethack
+@exec chmod 755 %D/share/nethack/nethack-start.sh
 @exec chown games:games %D/share/nethack/save
 @unexec rm -rf %D/share/nethack/save
 share/doc/nethack/Guidebook.txt
-- cgit v1.2.3
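Review bot: The new list runs `@exec chmod 2755 %D/bin/nethack` before `@exec chown games:games %D/bin/nethack`; on systems where chown clears set-id bits the wrapper would lose setgid, so the chown should come first. The added `@exec mkdir %D/share/nethack/save` duplicates the existing line directly below it, and the second `mkdir` will fail because the directory already exists. `@exec chmod -R 775 %D/share/nethack` also leaves the directory that holds `nethack-start.sh` group-writable. If that directory belongs to the games group (its ownership is not set in this list), any process holding that group could replace the script the setgid wrapper runs for every user, so it is safer to keep the directory at 755 and make only `save` group-writable.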