5367f3400c
Games which run setgid from dm, but don't need to, should drop their privileges at startup. Games which have a scorefile should open it at startup, then drop all privileges leaving just the open writable file descriptor. If the game can invoke subprocesses, this should be made close-on-exec. Games with scorefiles should make sure they do not get a file descriptor < 3. (Otherwise, they could get confused and corrupt the scorefile when using stdin, stdout or stderr.) Some old setuid revokes from the days of setuid games change into gid revokes. |
||
|---|---|---|
| .. | ||
| auto.c | ||
| extern.c | ||
| flush_in.c | ||
| init_field.c | ||
| main.c | ||
| make_level.c | ||
| Makefile | ||
| move_robs.c | ||
| move.c | ||
| pathnames.h | ||
| play_level.c | ||
| query.c | ||
| rnd_pos.c | ||
| robots.6 | ||
| robots.h | ||
| score.c | ||