Xref: utzoo comp.unix.xenix.sco:2317 comp.unix.admin:1663
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!dali.cs.montana.edu!milton!mtv
From: mtv@milton.u.washington.edu (David Schanen)
Newsgroups: comp.unix.xenix.sco,comp.unix.admin,sub.security
Subject: Re: WARNING: SCO-Xenix game "hack", setuid root NO DANGER, OOOOPS
Message-ID: <1991Apr24.065940.24362@milton.u.washington.edu>
Date: 24 Apr 91 06:59:40 GMT
References: <1991Apr17.192850.10450@odbffm.incom.de> <1991Apr18.213843.18297@odbffm.incom.de>
Organization: I'm working on it...
Lines: 13


   It's probably setuid so that the program can update a score file.  The
score file should have protections set so that noone can modify it without
running the program(setuid and owned by 'user'.)  If you are really concerned
you can make a games user (and possibly group) for all the games stuff.

	-Dave

Ps  What is the newsgroup sub.security?

-- 

 Inet: mtv@milton.u.washington.edu  * 8kyu *  UUNET: ...uunet!uw-beaver!u!mtv