emacs-pretest-bug
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: address@hidden: gamegrid-add-score fails]


From: Oliver Scholz
Subject: Re: address@hidden: gamegrid-add-score fails]
Date: Tue, 25 Feb 2003 14:42:41 +0100
User-agent: Gnus/5.090016 (Oort Gnus v0.16) Emacs/21.3.50

[Send to Colin Walters, too, because he is the author of
update-game-score.]

Richard Stallman <address@hidden> writes:

> Would you like to fix this?  Please ack.

Sorry for the delay. I had to install a GNU/Linux on my new laptop
first, which turned out to be rather hairy.

> From: Jesper Harder <address@hidden>
> Subject: gamegrid-add-score fails
> To: address@hidden
> Date: Tue, 21 Jan 2003 04:29:01 +0100
>
> Evaluating:
>
>     (gamegrid-add-score "foo" 99)
>
> fails with the error:
>
>     Failed to access scores file: No such file or directory
>
> The `shared-game-score-directory' directory (/usr/local/var/games/emacs)
> does exist, but the file "foo" doesn't.
>
> Evaluating the expression with one of the pre-existing files,
> e.g. "tetris-scores", works as expected.

Looking at update-gamescore.c I start to think that this is
intentionally so. The files "tetris-score" and "snake-score" in
$(gamedir) are created by the Makefile in lib-src during the
installation of Emacs.

I am rather new to C and my knowledge of POSIX security issues is
nil. The critical line in update-gamescore.c is 220 f.:

  if (stat (scorefile, &buf) < 0)
    lose_syserr ("Failed to access scores file");

I guess update-gamescore could create the requested file, if
stat(...); returns -1.  But then again I think that only root should
create arbitrary file in $(gamedir). WDYT?

So I'd propose that I fix it this way:

1. `gamegrid-add-score-with-update-game-score' should fall back on
   `gamegrid-add-score-insecure', if the requested file does not exist
   in $(gamedir). This is for the case that a user has installed a
   game on her own.

2. Add appropriate information to the docstring of
   `gamegrid-add-score'.

Suggested patch attached.

    Oliver

Attachment: gamegrid.diff
Description: Text Data

-- 
Oliver Scholz               7 Ventôse an 211 de la Révolution
Taunusstr. 25               Liberté, Egalité, Fraternité!
60329 Frankfurt a. M.       http://www.jungdemokratenhessen.de
Tel. (069) 97 40 99 42      http://www.jdjl.org

reply via email to

[Prev in Thread] Current Thread [Next in Thread]