When a game that makes the top 10 ends, the function insert_score in
score.c is called to make the new score file. But the case for KFIRE
(killed by fire) incorrectly uses strcpy instead of strcat (all the
other cases use strcat). This puts the string in the wrong place and
corrupts the score file.

Games which run setgid from dm, but don't need to, should drop their
privileges at startup.

Games which have a scorefile should open it at startup, then drop all
privileges leaving just the open writable file descriptor. If the
game can invoke subprocesses, this should be made close-on-exec.

Games with scorefiles should make sure they do not get a file
descriptor < 3. (Otherwise, they could get confused and corrupt the
scorefile when using stdin, stdout or stderr.)

Some old setuid revokes from the days of setuid games change into gid
revokes.
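
The scorefile rules above (open at startup, descriptor not below 3, close-on-exec, then drop privileges), sketched in C as an added example that is not code from the games themselves. The function names and the path in main() are hypothetical, and setregid() is used here as one way to drop the group privilege.

```c
#define _XOPEN_SOURCE 700   /* for setregid() */
#include <fcntl.h>
#include <unistd.h>

/* Fill any closed slot among fds 0-2 with /dev/null so that a later
 * open() can never hand the scorefile one of the stdio descriptors. */
int reserve_std_fds(void)
{
    int fd;
    do {
        fd = open("/dev/null", O_RDWR);
    } while (fd >= 0 && fd < 3);      /* fds below 3 are kept on purpose */
    if (fd < 0)
        return -1;
    close(fd);                        /* fd >= 3 was only a probe */
    return 0;
}

/* Call first thing in main(), while still setgid. Returns an fd >= 3
 * with close-on-exec set, or -1 on error. */
int open_scorefile(const char *path)
{
    int fd, flags;
    if (reserve_std_fds() < 0)
        return -1;
    fd = open(path, O_RDWR | O_CREAT, 0664);
    if (fd < 0)
        return -1;
    flags = fcntl(fd, F_GETFD);
    if (flags < 0 || fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Give up the setgid group by setting real and effective gid to the
 * invoking user's gid. Returns 0 only if that can be confirmed. */
int drop_group_privs(void)
{
    gid_t rgid = getgid();
    if (setregid(rgid, rgid) != 0)
        return -1;
    return (getgid() == rgid && getegid() == rgid) ? 0 : -1;
}

int main(void)
{
    /* Hypothetical path; a real game uses its own scorefile location. */
    int fd = open_scorefile("/tmp/example.scores");
    return (fd < 0 || drop_group_privs() != 0) ? 1 : 0;
}
```

After drop_group_privs() returns 0, the already open descriptor is the only thing that can still write the scorefile, and a subprocess started with exec does not inherit it.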