[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: user/5015: gzip and 3.8 errata 2 do not mix - games/nethack suffers

To: bugs_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org
Subject: Re: user/5015: gzip and 3.8 errata 2 do not mix - games/nethack suffers
From: Otto Moerbeek <otto_(_at_)_drijf_(_dot_)_net>
Date: Sat, 11 Feb 2006 01:45:01 -0700 (MST)
Cc:
Reply-to: Otto Moerbeek <otto_(_at_)_drijf_(_dot_)_net>

The following reply was made to PR user/5015; it has been noted by GNATS.

From: Otto Moerbeek <otto_(_at_)_drijf_(_dot_)_net>
To: Joachim Schipper <j_(_dot_)_schipper_(_at_)_math_(_dot_)_uu_(_dot_)_nl>
Cc: gnats_(_at_)_openbsd_(_dot_)_org
Subject: Re: user/5015: gzip and 3.8 errata 2 do not mix - games/nethack suffers
Date: Sat, 11 Feb 2006 09:33:13 +0100 (CET)

 On Fri, 10 Feb 2006, Joachim Schipper wrote:
 
 > >Number:         5015
 > >Category:       user
 > >Synopsis:       gzip and 3.8 errata 2 do not mix - games/nethack suffers
 
 Nethack does not drop effective privs. If a call to sete{u,g}uid is
 done before the set{u,g}uid, things should work out ok.
 
 Still, gzip using /dev/stdin is something that should be looked at.
 
 	-Otto
 
 --- files.c.orig	Sat Feb 11 09:31:55 2006
 +++ files.c	Sat Feb 11 09:32:01 2006
 @@ -1153,7 +1153,9 @@ boolean uncomp;
  			redirect(filename, RDBMODE, stdin, uncomp);
  			redirect(cfn, WRBMODE, stdout, uncomp);
  		}
 +		(void) setegid(getgid());
  		(void) setgid(getgid());
 +		(void) seteuid(getuid());
  		(void) setuid(getuid());
  		(void) execv(args[0], (char *const *) args);
  		perror((char *)0);

Prev by Date: [no subject]
Next by Date: Re: user/4967: dhcpd
Previous by thread: [no subject]
Next by thread: Re: user/4967: dhcpd
Index(es):
- Date
- Thread

Visit your host, monkey.org