From owner-freebsd-current  Tue Sep  2 04:56:01 1997
Return-Path: <owner-freebsd-current>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id EAA02385
          for current-outgoing; Tue, 2 Sep 1997 04:56:01 -0700 (PDT)
Received: from bitbox.follo.net (bitbox.follo.net [194.198.43.36])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id EAA02370
          for <current@freebsd.org>; Tue, 2 Sep 1997 04:55:58 -0700 (PDT)
Received: (from eivind@localhost)
	by bitbox.follo.net (8.8.6/8.8.6) id NAA20806;
	Tue, 2 Sep 1997 13:55:28 +0200 (MET DST)
Date: Tue, 2 Sep 1997 13:55:28 +0200 (MET DST)
Message-Id: <199709021155.NAA20806@bitbox.follo.net>
From: Eivind Eklund <perhaps@yes.no>
To: =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= <ache@nagual.pp.ru>
CC: current@freebsd.org
In-reply-to: =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?='s message of Tue, 2 Sep 1997
	13:08:13 +0400 (MSD)
Subject: Re: games uid->gid does too much damage! Who ever got this idea and why?
References: <199709011843.UAA18450@bitbox.follo.net>
	<Pine.BSF.3.96.970902125719.716A-100000@nagual.pp.ru>
Sender: owner-freebsd-current@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> > > It means that any user which run 'snake' first time can damage (overwrite)
> > > scores and log file. Similar thing for other games too.
> > 
> > We might want to make /var/games 0770 instead of 0775; this should
> > solve this problem.
> 
> Please please check what _each_ game really does. Please test _each_ game
> writing reading scores/stats properly. 0770 will break things too since
> some games assume public readable scores. 

OK, I'm going through and testing implications of this.  I'll check
where it might be necessary to set umasks, too.

> I have nothing about the idea in general, but I wonder, how ever you
> decide to commit some stuff which:
> 
> 1) Do setuid() stuff for games which not installed sguid.

This is from OpenBSD., I assumed their code was there for a
reason; and on thinking this through, I actually found a fairly good
reason for it to be there - this allow an administrator to move around
which games are hidden and not without compromising any security.  Is
there any good reason why they SHOULDN'T be there?

> 2) Broke all games which collect scores.
>
> It means that you commit completely untested thing, if you ever run
> some games after commit as I do, you'll see it. 

I tested that games could run and save/load score-files.  No, I didn't
pay notice to the UIDs saved in /var/games - sorry.  However, I
actually _did_ test.

Eivind.