This is CVE-2006-1539, files against Gentoo Linux, the patch is from
Gentoo.
A standard NetBSD installation is not as much risk because tetris is
sgid "games", and users shouldn't be in that group.
Games which run setgid from dm, but don't need to, should drop their
privileges at startup.
Games which have a scorefile should open it at startup, then drop all
privileges leaving just the open writable file descriptor. If the
game can invoke subprocesses, this should be made close-on-exec.
Games with scorefiles should make sure they do not get a file
descriptor < 3. (Otherwise, they could get confused and corrupt the
scorefile when using stdin, stdout or stderr.)
Some old setuid revokes from the days of setuid games change into gid
revokes.
This merges in all such remaining changes from the Linux port of the
NetBSD games, except in hunt (where substantial changes from OpenBSD
need to be looked at).
Some such changes were previously covered in PRs bin/6041, bin/6146,
bin/6148, bin/6150, bin/6151, bin/6580, bin/6660, bin/7993, bin/7994,
bin/8039, bin/8057 and bin/8093.