nrh (07/31/82)
A suggestion about how to plug the "rascal" hole in rogue security: It would be fairly easy to make rogue so that the save files are mode 4400 and owned by bin (or whoever owns the rogue records on your machine). A re-starting rogue could then check that the rogue.save file is mode 4400 and owned by the same uid as the effective uid of rogue. Since being able to create a setuid file not owned by you is the same as being able to "break the system" the problem of how to fake out rogue gets somewhat harder. What a hack! Do you suppose people will start UNIX-busting now? Oh well, as someone who EARNS his gold, I'm all in favor of a tighter security mechanism for saved games. Nat Howard (Mr. Natural) One time "total winner"