From: utzoo!decvax!harpo!esquire!nrh Newsgroups: net.games.rogue Title: How to plug the "rascal" hole Article-I.D.: esquire.376 Posted: Sat Jul 31 13:30:29 1982 Received: Sun Aug 1 01:49:53 1982 References: ucbarpa.1819 A suggestion about how to plug the "rascal" hole in rogue security: It would be fairly easy to make rogue so that the save files are mode 4400 and owned by bin (or whoever owns the rogue records on your machine). A re-starting rogue could then check that the rogue.save file is mode 4400 and owned by the same uid as the effective uid of rogue. Since being able to create a setuid file not owned by you is the same as being able to "break the system" the problem of how to fake out rogue gets somewhat harder. What a hack! Do you suppose people will start UNIX-busting now? Oh well, as someone who EARNS his gold, I'm all in favor of a tighter security mechanism for saved games. Nat Howard (Mr. Natural) One time "total winner"