--- cxhextris/xio.c.old Sat May 2 19:53:23 1998 +++ cxhextris/xio.c Sat May 2 19:53:51 1998 @@ -105,6 +105,7 @@ } else log_name = pwent->pw_name; #endif + init_scoreboard(); for (i = 1; i < argc; i++) { if (! strcmp(argv[i],"-rv")) { inverse = 1; --- cxhextris/stdsys.c.old Wed Apr 7 03:21:20 1993 +++ cxhextris/stdsys.c Sat May 2 19:53:00 1998 @@ -89,6 +89,47 @@ npiece->column = MAXCOLUMN / 2; } + +/* + * Added by Alan Cox , RedHat May 1997 + * + * Xhextris isnt the cleanest of code, its also using a ton of toolkits. I've + * swatted the bug reported by Chris Evans but I don't believe that this is the + * right approach. + * + * So we do it this way. + * + * main calls init_scoreboard(). init_scoreboard drops all setuid/setgidness + * _after_ opening up the scoreboard. + */ + +static FILE *scores=NULL; + +void init_scoreboard(void) +{ + scores=fopen(HIGHSCOREFILE, "r+"); + /* Drop em.. */ + if(setregid(getgid(),getgid())==-1 || + setreuid(getuid(),getuid())==-1) + { + perror("drop privileges"); + exit(1); + } +} + +static FILE *get_score_file(void) +{ + if(!scores) + return NULL; + rewind(scores); + return scores; +} + +static void put_score_file(void) +{ + fflush(scores); +} + /* This reads in the high score file. */ read_high_scores(high_scores) @@ -96,12 +137,9 @@ { int i, j; FILE *high_score_file; - char high_score_file_name[512]; char buffer[40]; - strcpy(high_score_file_name,HIGHSCOREFILE); - - if ((high_score_file = fopen(high_score_file_name , "r")) == NULL) { + if ((high_score_file = get_score_file()) == NULL) { fprintf(stderr,"xhextris: Can't open high score file.\n"); return 0; } @@ -124,7 +162,7 @@ high_scores[j].score = 0; high_scores[j].rows = 0; } - fclose(high_score_file); + put_score_file(); return 1; } @@ -139,12 +177,10 @@ char high_score_file_name[512]; char buffer[40]; - strcpy(high_score_file_name,HIGHSCOREFILE); - #ifdef AFS beGames(); #endif - if ((high_score_file = fopen(high_score_file_name, "w")) == NULL) { + if ((high_score_file = get_score_file()) == NULL) { fprintf(stderr,"xhextris: Can't open high score file.\n"); return 0; } @@ -159,7 +195,7 @@ fwrite(buffer,sizeof(char),40,high_score_file); } fflush(high_score_file); - fclose(high_score_file); + put_score_file(); /* rename(tmp_high_score_file_name,high_score_file_name);*/ #ifdef AFS bePlayer(); --- cxhextris/hextris.c.old Tue Apr 6 00:55:55 1993 +++ cxhextris/hextris.c Sat May 2 19:57:36 1998 @@ -490,8 +490,8 @@ high_scores[j].score = high_scores[j-1].score; high_scores[j].rows = high_scores[j-1].rows; } - strcpy(high_scores[i].name, name); - strcpy(high_scores[i].userid, userid); + strncpy(high_scores[i].name, name, sizeof(high_scores[i].name)); + strncpy(high_scores[i].userid, userid, sizeof(high_scores[i].userid)); high_scores[i].score = score; high_scores[i].rows = rows; added = 1;