From: utzoo!decvax!decwrl!sun!megatest!fortune!hpda!hplabs!sri-unix!fred.umcp-cs@Udel-Relay
Newsgroups: net.unix-wizards
Title: Re: Set UID inquiry - (nf)
Article-I.D.: sri-arpa.803
Posted: Wed Mar 23 13:08:06 1983
Received: Tue Apr 5 04:49:31 1983

From: Fred Blonder

    From: decvax!genradbo!mitccc!jfw@UCB-C70 (John Woods)

    Specifically, we have a program called "games_mgr" here which
    intercepts requests to play games to check whether or not it is
    game time, etc. I wanted the games directory to be non-searchable
    except to user GAMES, but this would leave the players set to that
    UID while playing the game. If games_mgr does the setuid(getuid()),
    you lose on the exec. Hence, I thought of a system call to tell the
    kernel to do the setuid(getuid()) upon exec.

How about just setting up a ``games'' group? The directory and all the games within it would be owned by group ``games'' and set to mode drwxr-x---. ``Games_mgr'' could be set-gid so that it could access the games. Even if a user got his own link to a game he wouldn't be able to execute it since he would have no way (other than games_mgr) to set his group id to ``games''.