aeb@mcvax.UUCP (Andries Brouwer) (05/09/85)
As Dhutchin@cs.ucl.AC.UK pointed out hack contains the following security bug. At the start of a game a file is created with as filename the loginname of the player. If he is called 'data' or 'rumors' or 'hack' then you are in trouble. In fact it is even worse. One of the options allows you to choose your playing name, and one might choose '../../something' as name, and destroy whatever hack has write access to. The fix is easy and obvious, but since this happens in a place in the source where my current version is rather different from the distributed one I'd rather wait till the next release. If you are really concerned (You occupy the first place on the list of topscorers and are afraid that one of your students might blow away the score file) then ask for the diffs. When enough people ask I'll post them.