This patch dates (mostly) back to 2002; the critical parts of it were
handled back then by security-officer. As far as I know, there's
nothing exploitable fixed herein.
A slightly earlier version of this patch was reviewed by Christian Biere
when I filed it as PR 34750.
Games which run setgid from dm, but don't need to, should drop their
privileges at startup.
Games which have a scorefile should open it at startup, then drop all
privileges leaving just the open writable file descriptor. If the
game can invoke subprocesses, this should be made close-on-exec.
Games with scorefiles should make sure they do not get a file
descriptor < 3. (Otherwise, they could get confused and corrupt the
scorefile when using stdin, stdout or stderr.)
Some old setuid revokes from the days of setuid games change into gid
revokes.
plunky