Xref: utzoo comp.unix.xenix.sco:2265 comp.unix.admin:1638
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!cs.utexas.edu!chinacat!chip
From: chip@chinacat.Unicom.COM (Chip Rosenthal)
Newsgroups: comp.unix.xenix.sco,comp.unix.admin
Subject: Re: WARNING: SCO-Xenix game "hack", setuid root NO DANGER, OOOOPS
Message-ID: <1953@chinacat.Unicom.COM>
Date: 19 Apr 91 22:15:37 GMT
References: <1991Apr17.192850.10450@odbffm.incom.de> <1991Apr18.213843.18297@odbffm.incom.de>
Followup-To: comp.unix.xenix.sco
Organization: Unicom Systems Development, Austin, TX
Lines: 13

In article <1991Apr18.213843.18297@odbffm.incom.de>
	oli@odbffm.incom.de (Oliver Boehmer) writes:
>But one thing I'd really like to know: Why the &/%$"&/ is hack setuid? 

So that it can write bones and other such stuff to the games library
directory.  You might want to try creating a `games' UID, chown
everything under /usr/games/lib to it, and making hack setuid to
`games'.  This is the approach SCO takes with games distribution under
UNIX.
-- 
Chip Rosenthal  512-482-8260  |
Unicom Systems Development    |    I saw Elvis in my wtmp file.
<chip@chinacat.Unicom.COM>    |