Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!linus!decvax!tektronix!ogcvax!omsvax!hplabs!sri-unix!bob@ucla-locus
From: bob%ucla-locus@sri-unix.UUCP
Newsgroups: net.unix-wizards
Subject: Protecting games
Message-ID: <11812@sri-arpa.UUCP>
Date: Mon, 19-Sep-83 13:09:59 EDT
Article-I.D.: sri-arpa.11812
Posted: Mon Sep 19 13:09:59 1983
Date-Received: Fri, 23-Sep-83 23:15:04 EDT
Lines: 17

From:            Bob English <bob@ucla-locus>

Protecting the "real" game programs and using a SUID or SGID program
to access them works just fine UNLESS the game program itself allows
the user to fork off a shell.  If that occurs, the user would
have all the permissions he needs to access the games himself
(the SGID case is particularly nasty).

In order for the Trojan Horse method to work, the permissions
needed to invoke the game must be denied to the the game itself.
The only way to do this reliably is to have a "Lose effective
u/gid on exec" function, which does not exist in v7 or 4.1bsd
(I'm not sure about later versions).

This, of course, involves changing the kernel.

--bob--