On Wed, 19 Nov 1997, Bruce Barnett wrote:

: >Anyway, most of the games should be easy to convert to setgid games. Just
: >make /var/games 775, eg.
: 
: I disagree, and no one else has. Let me explain.
: 
: If the games directory is group writable, then any setgid to games
: program could replace one of the files in this directory (a trojan
: horse attack). This isn't a big threat, if root never executes any
: games.

No, /var/games should be 770 -- the high score/save game file directory. 
The executable directory, /usr/games, remains 755, with ``root'' owning all
executables, group ``games'', and all executables mode 755 (or 2755).  The
/usr/games/hide directory would be mode 750. 

High score files could certainly be created on the fly, with the only trojan
horse possibility being a fake set of high score files. 

Precreating the high score files, however, is also a good idea in
_addition_ to this IMHO.

=====
== Todd Vierling (Personal tv@pobox.com; Business tv@lucent.com)
== Vierling's Axiom: The revolution won't be televised; it will be posted.