From 17d3e39610f223cfcb395f288961e9ae8af02072 Mon Sep 17 00:00:00 2001
From: jim <jim@FreeBSD.org>
Date: Thu, 13 Jul 2000 20:33:25 +0000
Subject: Fix exploit where a local user can overwrite arbitrary files.

PR:		19862
		19864
19862 submitted by:	Rich Mirch <mirchr@sunyit.edu>
19864 submitted by:	maintainer
---
 games/xtrojka/files/patch-aa | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

(limited to 'games')

diff --git a/games/xtrojka/files/patch-aa b/games/xtrojka/files/patch-aa
index 59a5b83..c84978d 100644
--- a/games/xtrojka/files/patch-aa
+++ b/games/xtrojka/files/patch-aa
@@ -1,5 +1,5 @@
---- Makefile	Sat Oct 21 17:38:22 1995
-+++ Makefile.new	Mon May 29 01:35:31 2000
+--- Makefile.orig	Sat Oct 21 22:38:22 1995
++++ Makefile	Wed Jul 12 08:50:34 2000
 @@ -8,7 +8,7 @@
  
  #	your favorite C-compiler
@@ -58,7 +58,7 @@
  #
  #
  #	main
-@@ -101,11 +105,15 @@
+@@ -101,11 +105,17 @@
  #
  #
  install:
@@ -67,8 +67,9 @@
 -	cp xtrojka.6 $(MANDIR); chmod go+r xtrojka.6; \
 -	cp xtrojka $(TARGET_DIR);chmod go+rx xtrojka; \
 -	touch $(HSFILE); chmod go+rwx $(HSFILE);
-+	echo $(HSFILE)|sed -e 's/\//\\\//g'>/tmp/hsn
-+	sed -e "s/__SCOREDIR__/`cat /tmp/hsn`/g" manpage > xtrojka.6
++	@rm -f hsn
++	echo $(HSFILE)|sed -e 's/\//\\\//g'>hsn
++	sed -e "s/__SCOREDIR__/`cat hsn`/g" manpage > xtrojka.6
 +	gzip -c xtrojka.6 >$(MANDIR)/xtrojka.6.gz
 +	cp xtrojka $(TARGET_DIR)
 +	chmod 2755 $(TARGET_DIR)/xtrojka
@@ -76,6 +77,7 @@
 +	touch $(HSFILE)
 +	chmod 664 $(HSFILE)
 +	chgrp games $(HSFILE)
++	@rm -f hsn
  	
  clean:
  	rm -rf *.o core xtrojka xtrojka.6 
-- 
cgit v1.1