Change games from setuid games to setgid games.

Reviewed by: maybe@yes.no Obtained from: OpenBSD (mostly deraadt@openbsd.org)
1997-09-01 00:34:51 +00:00 · 1997-09-01 00:34:51 +00:00 · 34a13bf4cb
commit 34a13bf4cb
parent e3ffd60e0a
44 changed files with 224 additions and 76 deletions
--- a/etc/mtree/BSD.usr.dist
+++ b/etc/mtree/BSD.usr.dist
@ -1,4 +1,4 @@
-#	$Id: BSD.usr.dist,v 1.95 1997/08/12 15:54:05 ache Exp $
+#	$Id: BSD.usr.dist,v 1.96 1997/08/18 00:08:16 jdp Exp $
 #

 /set type=dir uname=bin gname=bin mode=0755
@ -7,7 +7,7 @@
    ..
 /set type=dir uname=games gname=bin mode=0700
    games           uname=bin mode=0755
-        hide
+        hide        gname=games uname=root mode=0550
        ..
    ..
 /set type=dir uname=bin gname=bin mode=0755
--- a/etc/mtree/BSD.var.dist
+++ b/etc/mtree/BSD.var.dist
@ -1,4 +1,4 @@
-#	$Id: BSD.var.dist,v 1.30 1997/05/03 20:15:15 jkh Exp $
+#	$Id: BSD.var.dist,v 1.31 1997/07/29 11:23:14 ache Exp $
 #

 /set type=dir uname=bin gname=bin mode=0755
@ -23,13 +23,13 @@
    ..
    db              uname=bin gname=bin mode=0755
    ..
-/set type=dir uname=games gname=bin mode=0755
-    games
-        hackdir
+/set type=dir uname=root gname=bin mode=0755
+    games                gname=games mode=0775
+        hackdir          gname=games mode=0775
        ..
-        larn
+        larn             gname=games mode=0775
        ..
-        phantasia
+        phantasia        gname=games mode=0775
        ..
    ..
    log             uname=bin
--- a/games/Makefile.inc
+++ b/games/Makefile.inc
@ -1,9 +1,9 @@
 #	@(#)Makefile.inc	8.1 (Berkeley) 5/31/93

-BINOWN=        games
+BINGRP=       games
 .if defined(HIDEGAME)
-BINDIR=        /usr/games/hide
-BINMODE=       4700
+BINDIR?=       /usr/games/hide
+BINMODE=       550
 .else
 BINDIR=        /usr/games
 .endif
--- a/games/adventure/hdr.h
+++ b/games/adventure/hdr.h
@ -52,6 +52,7 @@
 */

 /* hdr.h: included by c advent files */
+#include <sys/types.h>

 int datfd;                              /* message file descriptor      */
 int delhit;
@ -128,7 +129,7 @@ int hntmax;
 int hints[20][5];                       /* info on hints                */
 int hinted[20],hintlc[20];

-int place[101], prop[101],link[201];
+int place[101], prop[101],linkx[201];
 int abb[LOCSIZ];

 int maxtrs,tally,tally2;                /* treasure values              */
@ -161,3 +162,5 @@ unsigned long crc();

 /* We need to get a little tricky to avoid strings */
 #define DECR(a,b,c,d,e) decr('a'+'+','b'+'-','c'+'#','d'+'&','e'+'%')
+
+gid_t	egid;
--- a/games/adventure/main.c
+++ b/games/adventure/main.c
@ -64,6 +64,9 @@ char **argv;
 	struct text *kk;
 	extern trapdel();

+	egid = getegid();
+	setegid(getgid());
+
 	init();         /* Initialize everything */
 	signal(2,trapdel);

@ -117,7 +120,7 @@ char **argv;
 		if (loc==33 && pct(25)&&!closng) rspeak(8);
 		if (!dark(0))
 		{       abb[loc]++;
-			for (i=atloc[loc]; i!=0; i=link[i])     /*2004  */
+			for (i=atloc[loc]; i!=0; i=linkx[i])     /*2004  */
 			{       obj=i;
 				if (obj>100) obj -= 100;
 				if (obj==steps && toting(nugget)) continue;
@ -261,7 +264,7 @@ char **argv;
 	l4080:
 		switch(verb)
 		{   case 1:                     /* take = 8010          */
-			if (atloc[loc]==0||link[atloc[loc]]!=0) goto l8000;
+			if (atloc[loc]==0||linkx[atloc[loc]]!=0) goto l8000;
 			for (i=1; i<=5; i++)
 				if (dloc[i]==loc&&dflag>=2) goto l8000;
 			obj=atloc[loc];
--- a/games/adventure/save.c
+++ b/games/adventure/save.c
@ -108,7 +108,7 @@ struct savestruct save_array[] =
 	dseen,          sizeof(dseen),
 	fixed,          sizeof(fixed),
 	hinted,         sizeof(hinted),
-	link,           sizeof(link),
+	linkx,           sizeof(linkx),
 	odloc,          sizeof(odloc),
 	place,          sizeof(place),
 	prop,           sizeof(prop),
@ -125,24 +125,23 @@ char *outfile;  /* to output the data using checksum to start random #s */
 	char *s;
 	long sum;
 	int i;
-	uid_t euid_save;

 	crc_start();
 	for (p = save_array; p->address != NULL; p++)
 		sum = crc(p->address, p->width);
 	srandom((int) sum);

-	euid_save = geteuid();
-	seteuid(getuid());
-
+	setegid(egid);
 	if ((out = fopen(outfile, "wb")) == NULL)
 	{
 	    fprintf(stderr,
 		"Hmm.  The name \"%s\" appears to be magically blocked.\n",
 		outfile);
-		seteuid(euid_save);
+		setegid(getgid());
 	    return 1;
 	}
+	setegid(getgid());
+
 	fwrite(&sum, sizeof(sum), 1, out);      /* Here's the random() key */
 	for (p = save_array; p->address != NULL; p++)
 	{
@ -151,7 +150,6 @@ char *outfile;  /* to output the data using checksum to start random #s */
 		fwrite(p->address, p->width, 1, out);
 	}
 	fclose(out);
-	seteuid(euid_save);
 	return 0;
 }

@ -163,19 +161,18 @@ char *infile;
 	char *s;
 	long sum, cksum;
 	int i;
-	uid_t euid_save;
-
-	euid_save = geteuid();
-	seteuid(euid_save);

+	setegid(egid);
 	if ((in = fopen(infile, "rb")) == NULL)
 	{
 	    fprintf(stderr,
 		"Hmm.  The file \"%s\" appears to be magically blocked.\n",
 		infile);
-		seteuid(euid_save);
+		setegid(getgid());
 	    return 1;
 	}
+	setegid(getgid());
+
 	fread(&sum, sizeof(sum), 1, in);        /* Get the seed */
 	srandom((int) sum);
 	for (p = save_array; p->address != NULL; p++)
@ -185,7 +182,6 @@ char *infile;
 			*s = (*s ^ random()) & 0xFF;  /* Lightly decrypt */
 	}
 	fclose(in);
-	seteuid(euid_save);

 	crc_start();                            /* See if she cheated */
 	for (p = save_array; p->address != NULL; p++)
--- a/games/adventure/vocab.c
+++ b/games/adventure/vocab.c
@ -91,11 +91,11 @@ int object,where;
 		holdng++;
 	}
 	if (atloc[where]==object)
-	{       atloc[where]=link[object];
+	{       atloc[where]=linkx[object];
 		return;
 	}
-	for (temp=atloc[where]; link[temp]!=object; temp=link[temp]);
-	link[temp]=link[object];
+	for (temp=atloc[where]; linkx[temp]!=object; temp=linkx[temp]);
+	linkx[temp]=linkx[object];
 }


@ -107,7 +107,7 @@ int object,where;
 		place[object]=where;
 	}
 	if (where<=0) return;
-	link[object]=atloc[where];
+	linkx[object]=atloc[where];
 	atloc[where]=object;
 }

--- a/games/atc/main.c
+++ b/games/atc/main.c
@ -70,6 +70,10 @@ main(ac, av)
 	extern char		*default_game(), *okay_game();
 	extern void		log_score(), quit(), update();

+	/* revoke privs */
+	setegid(getgid());
+	setgid(getgid());
+
 	start_time = seed = time(0);

 	name = *av++;
--- a/games/backgammon/backgammon/main.c
+++ b/games/backgammon/backgammon/main.c
@ -110,6 +110,10 @@ char	**argv;
 	uid = getuid();
 	setreuid (uid,uid);

+	/* revoke privs */
+	setegid(getgid());
+	setgid(getgid());
+
 	/* initialization */
 	bflag = 2;					/* default no board */
 	acnt = 1;                                       /* Nuber of args */
--- a/games/backgammon/teachgammon/teach.c
+++ b/games/backgammon/teachgammon/teach.c
@ -80,11 +80,10 @@ char	**argv;

 {
 	register int	i;
-	uid_t uid;

-	/*Drop the privilege.*/
-	uid = getuid();
-	setreuid (uid,uid);
+	/* revoke privs */
+	setegid(getgid());
+	setgid(getgid());

 	acnt = 1;
 	signal (2,getout);
--- a/games/battlestar/battlestar.c
+++ b/games/battlestar/battlestar.c
@ -57,6 +57,12 @@ char **argv;
 	char mainbuf[LINELENGTH];
 	char *next;

+	open_score_file();
+
+	/* revoke privs. */
+	egid = getegid();
+	setegid(getgid());
+
 	initialize(argc < 2 || strcmp(argv[1], "-r"));
 start:
 	news();
--- a/games/battlestar/com6.c
+++ b/games/battlestar/com6.c
@ -91,10 +91,17 @@ live()

 #include <sys/time.h>

+static FILE *score_fp;
+
+open_score_file()
+{
+	if ((score_fp = fopen(_PATH_SCORE,"a")) == NULL)
+		perror(_PATH_SCORE);
+}
+
 post(ch)
 char ch;
 {
-	FILE *fp;
 	struct timeval tv;
 	char *date, *ctime();
 	int s = sigblock(sigmask(SIGINT));
@ -102,16 +109,15 @@ char ch;
 	gettimeofday(&tv, (struct timezone *)0);	/* can't call time */
 	date = ctime(&tv.tv_sec);
 	date[24] = '\0';
-	if (fp = fopen(_PATH_SCORE,"a")) {
-		fprintf(fp, "%s  %8s  %c%20s", date, uname, ch, rate());
-		if (wiz)
-			fprintf(fp, "   wizard\n");
-		else if (tempwiz)
-			fprintf(fp, "   WIZARD!\n");
-		else
-			fprintf(fp, "\n");
-	} else
-		perror(_PATH_SCORE);
+
+	fprintf(score_fp, "%s  %8s  %c%20s", date, uname, ch, rate());
+	if (wiz)
+		fprintf(score_fp, "   wizard\n");
+	else if (tempwiz)
+		fprintf(score_fp, "   WIZARD!\n");
+	else
+		fprintf(score_fp, "\n");
+
 	sigsetmask(s);
 }

--- a/games/battlestar/externs.h
+++ b/games/battlestar/externs.h
@ -33,6 +33,7 @@
 *	@(#)externs.h	8.1 (Berkeley) 5/31/93
 */

+#include <errno.h>
 #include <sys/param.h>
 #include <sys/signal.h>
 #include <stdio.h>
@ -298,3 +299,5 @@ struct objs {
 };
 struct objs dayobjs[];
 struct objs nightobjs[];
+
+gid_t	egid;
--- a/games/battlestar/save.c
+++ b/games/battlestar/save.c
@ -55,10 +55,13 @@ restore()
  	  sprintf(home1, "%.*s/Bstar", MAXPATHLEN - 7, home);
 	else return;

+	setegid(egid);
 	if ((fp = fopen(home1, "r")) == 0) {
 		perror(home1);
+		setegid(getgid());
 		return;
 	}
+	setegid(getgid());
 	fread(&WEIGHT, sizeof WEIGHT, 1, fp);
 	fread(&CUMBER, sizeof CUMBER, 1, fp);
 	fread(&gclock, sizeof gclock, 1, fp);
@ -112,30 +115,36 @@ save()
 		return;
 	sprintf(home1, "%.*s/Bstar", MAXPATHLEN - 7, home);

+	setegid(egid);
 	/* Try to open the file safely. */
 	if (stat(home1, &sbuf) < 0) {	  	
 		fd = open(home1, O_WRONLY|O_CREAT|O_EXCL);
 	        if (fd < 0) {
          		fprintf(stderr, "Can't create %s\n", home1);
+				setegid(getgid());
           		return;
 	        }
 	} else {
-		if (sbuf.st_nlink > 1) {
+		if (sbuf.st_mode & S_IFLNK) {
 			fprintf(stderr, "No symlinks!\n");
+			setegid(getgid());
 			return;
 		}

 		fd = open(home1, O_WRONLY|O_EXCL);
 		if (fd < 0) {
 			fprintf(stderr, "Can't open %s for writing\n", home1);
+			setegid(getgid());
 			return;
 		}
 	}

 	if ((fp = fdopen(fd, "w")) == 0) {
 		perror(home1);
+		setegid(getgid());
 		return;
 	}
+	setegid(getgid());

 	printf("Saved in %s.\n", home1);
 	fwrite(&WEIGHT, sizeof WEIGHT, 1, fp);
--- a/games/bcd/bcd.c
+++ b/games/bcd/bcd.c
@ -131,6 +131,10 @@ main(argc, argv)
 	 * but this seems kind of silly.  So this one doesn't.
 	 */

+	/* revoke privs */
+	setegid(getgid());
+	setgid(getgid());
+
 	if (argc > 1) {
 		while (--argc)
 			printcard(*++argv);
--- a/games/bs/bs.c
+++ b/games/bs/bs.c
@ -1202,6 +1202,10 @@ main(argc, argv)
 int argc;
 char *argv[];
 {
+    /* revoke privs */
+    setegid(getgid());
+    setgid(getgid());
+
    do_options(argc, argv);

    intro();
--- a/games/caesar/caesar.c
+++ b/games/caesar/caesar.c
@ -83,6 +83,10 @@ void main(argc, argv)
 	register char *inbuf;
 	int obs[26], try, winner;

+	/* revoke privs */
+	setegid(getgid());
+	setgid(getgid());
+
 	if (argc > 1)
 		printit(argv[1]);

--- a/games/canfield/canfield/canfield.c
+++ b/games/canfield/canfield/canfield.c
@ -1570,10 +1570,10 @@ initall()
 	srandom(getpid());
 	time(&acctstart);
 	initdeck(deck);
-	uid = getuid();
 	if (uid < 0)
 		uid = 0;
 	dbfd = open(_PATH_SCORE, 2);
+	setegid(getgid());
 	if (dbfd < 0)
 		return;
 	i = lseek(dbfd, uid * sizeof(struct betinfo), 0);
@ -1691,6 +1691,11 @@ main(argc, argv)
 	raw();
 	noecho();
 	initall();
+
+	/* revoke privs */
+	setegid(getgid());
+	setgid(getgid());
+
 	instruct();
 	makeboard();
 	for (;;) {
--- a/games/canfield/cfscores/cfscores.c
+++ b/games/canfield/cfscores/cfscores.c
@ -74,6 +74,11 @@ main(argc, argv)
 		perror(_PATH_SCORE);
 		exit(2);
 	}
+
+	/* revoke privs */
+	setegid(getgid());
+	setgid(getgid());
+
 	setpwent();
 	if (argc == 1) {
 		uid = getuid();
--- a/games/cribbage/crib.c
+++ b/games/cribbage/crib.c
@ -60,6 +60,10 @@ main(argc, argv)
 	BOOLEAN playing;
 	FILE *f;
 	int ch;
+	gid_t egid;
+
+	egid = getegid();
+	setegid(getgid());

 	while ((ch = getopt(argc, argv, "eqr")) != EOF)
 		switch (ch) {
@ -120,11 +124,13 @@ main(argc, argv)
 		playing = (getuchar() == 'Y');
 	} while (playing);

+	setegid(egid);
 	if (f = fopen(_PATH_LOG, "a")) {
 		(void)fprintf(f, "%s: won %5.5d, lost %5.5d\n",
 		    getlogin(), cgames, pgames);
 		(void) fclose(f);
 	}
+	setegid(getgid());
 	bye();
 	if (!f) {
 		(void) fprintf(stderr, "\ncribbage: can't open %s.\n",
--- a/games/dm/Makefile
+++ b/games/dm/Makefile
@ -4,7 +4,7 @@
 PROG=	dm
 MAN8=	dm.8
 MAN5=	dm.conf.5
-BINMODE=4555
-BINOWN=	games
+BINGRP= games
+BINMODE=2555

 .include <bsd.prog.mk>
--- a/games/dm/dm.c
+++ b/games/dm/dm.c
@ -47,6 +47,7 @@ static char sccsid[] = "@(#)dm.c	8.1 (Berkeley) 5/31/93";
 #include <sys/resource.h>

 #include <ctype.h>
+#include <errno.h>
 #include <nlist.h>
 #include <pwd.h>
 #include <stdio.h>
@ -71,7 +72,7 @@ main(argc, argv)
 	char *cp;

 	nogamefile();
-	game = (cp = rindex(*argv, '/')) ? ++cp : *argv;
+	game = (cp = strrchr(*argv, '/')) ? ++cp : *argv;

 	if (!strcmp(game, "dm"))
 		exit(0);
@ -95,11 +96,15 @@ play(args)
 {
 	char pbuf[MAXPATHLEN];

+	if (sizeof(_PATH_HIDE) + strlen(game) > sizeof(pbuf)) {
+		(void)fprintf(stderr, "dm: %s/%s: %s\n", _PATH_HIDE, game,
+			strerror(ENAMETOOLONG));
+		exit(1);
+	}
 	(void)strcpy(pbuf, _PATH_HIDE);
 	(void)strcpy(pbuf + sizeof(_PATH_HIDE) - 1, game);
 	if (priority > 0)	/* < 0 requires root */
 		(void)setpriority(PRIO_PROCESS, 0, priority);
-	setgid(getgid());	/* we run setgid kmem; lose it */
 	execv(pbuf, args);
 	(void)fprintf(stderr, "dm: %s: %s\n", pbuf, strerror(errno));
 	exit(1);
@ -162,11 +167,11 @@ c_day(s_day, s_start, s_stop)
 	start = atoi(s_start);
 	stop = atoi(s_stop);
 	if (ct->tm_hour >= start && ct->tm_hour < stop) {
-		fputs("dm: Sorry, games are not available from ", stderr);
+		(void)fputs("dm: Sorry, games are not available from ", stderr);
 		hour(start);
-		fputs(" to ", stderr);
+		(void)fputs(" to ", stderr);
 		hour(stop);
-		fputs(" today.\n", stderr);
+		(void)fputs(" today.\n", stderr);
 		exit(0);
 	}
 }
@ -182,12 +187,12 @@ c_tty(tty)
 	static char *p_tty;

 	if (first) {
-		p_tty = rindex(gametty, '/');
+		p_tty = strrchr(gametty, '/');
 		first = 0;
 	}

 	if (!strcmp(gametty, tty) || p_tty && !strcmp(p_tty, tty)) {
-		fprintf(stderr, "dm: Sorry, you may not play games on %s.\n", gametty);
+		(void)fprintf(stderr, "dm: Sorry, you may not play games on %s.\n", gametty);
 		exit(0);
 	}
 }
@ -208,11 +213,11 @@ c_game(s_game, s_load, s_users, s_priority)
 		return;
 	++found;
 	if (isdigit(*s_load) && atoi(s_load) < load()) {
-		fputs("dm: Sorry, the load average is too high right now.\n", stderr);
+		(void)fputs("dm: Sorry, the load average is too high right now.\n", stderr);
 		exit(0);
 	}
 	if (isdigit(*s_users) && atoi(s_users) <= users()) {
-		fputs("dm: Sorry, there are too many users logged on right now.\n", stderr);
+		(void)fputs("dm: Sorry, there are too many users logged on right now.\n", stderr);
 		exit(0);
 	}
 	if (isdigit(*s_priority))
@ -229,7 +234,7 @@ load()
 	double avenrun[3];

 	if (getloadavg(avenrun, sizeof(avenrun)/sizeof(avenrun[0])) < 0) {
-		fputs("dm: getloadavg() failed.\n", stderr);
+		(void)fputs("dm: getloadavg() failed.\n", stderr);
 		exit(1);
 	}
 	return(avenrun[2]);
@ -281,16 +286,16 @@ hour(h)
 {
 	switch(h) {
 	case 0:
-		fputs("midnight", stderr);
+		(void)fputs("midnight", stderr);
 		break;
 	case 12:
-		fputs("noon", stderr);
+		(void)fputs("noon", stderr);
 		break;
 	default:
 		if (h > 12)
-			fprintf(stderr, "%dpm", h - 12);
+			(void)fprintf(stderr, "%dpm", h - 12);
 		else
-			fprintf(stderr, "%dam", h);
+			(void)fprintf(stderr, "%dam", h);
 	}
 }

--- a/games/factor/factor.c
+++ b/games/factor/factor.c
@ -94,6 +94,10 @@ main(argc, argv)
 	int ch;
 	char *p, buf[100];		/* > max number of digits. */

+	/* revoke privs */
+	setegid(getgid());
+	setgid(getgid());
+
 	while ((ch = getopt(argc, argv, "")) != EOF)
 		switch (ch) {
 		case '?':
--- a/games/grdc/grdc.c
+++ b/games/grdc/grdc.c
@ -56,6 +56,10 @@ int n = 0;

 	initscr();

+	/* revoke privs */
+	setegid(getgid());
+	setgid(getgid());
+
 	signal(SIGINT,sighndl);
 	signal(SIGTERM,sighndl);
 	signal(SIGHUP,sighndl);
--- a/games/hack/hack.main.c
+++ b/games/hack/hack.main.c
@ -116,6 +116,7 @@ char *argv[];
 	 */
 	gettty();
 	setbuf(stdout,obuf);
+	umask(007);
 	setrandom();
 	startup();
 	cls();
@ -458,8 +459,9 @@ boolean wr;
 	       && strcmp(dir, HACKDIR)		/* and not the default? */
 #endif
 		) {
-		(void) setuid(getuid());		/* Ron Wessels */
-		(void) setgid(getgid());
+		/* revoke */
+		setegid(getgid());
+		setgid(getgid());
 	}
 #endif

--- a/games/hack/hack.pager.c
+++ b/games/hack/hack.pager.c
@ -378,8 +378,9 @@ child(wt) {
 	f = fork();
 	if(f == 0){		/* child */
 		settty((char *) 0);		/* also calls end_screen() */
-		(void) setuid(getuid());
-		(void) setgid(getgid());
+		/* revoke */
+		setegid(getgid());
+		setgid(getgid());
 #ifdef CHDIR
 		(void) chdir(getenv("HOME"));
 #endif CHDIR
--- a/games/hangman/main.c
+++ b/games/hangman/main.c
@ -50,6 +50,10 @@ main()
 {
 	void die();

+	/* revoke */
+	setegid(getgid());
+	setgid(getgid());
+
 	initscr();
 	signal(SIGINT, die);
 	setup();
--- a/games/mille/mille.c
+++ b/games/mille/mille.c
@ -59,8 +59,9 @@ reg char	*av[]; {

 	reg bool	restore;

-	/* run as the user */
-	setuid(getuid());
+	/* revoke */
+	setegid(getgid());
+	setgid(getgid());

 	if (strcmp(av[0], "a.out") == 0) {
 		outf = fopen("q", "w");
--- a/games/morse/morse.c
+++ b/games/morse/morse.c
@ -212,6 +212,10 @@ main(int argc, char **argv)
 	register int    ch;
 	register char  *p;

+	/* revoke */
+	setegid(getgid());
+	setgid(getgid());
+
 	while ((ch = getopt(argc, argv, "spw:f:")) != EOF)
 		switch ((char) ch) {
 		case 'f':
--- a/games/number/number.c
+++ b/games/number/number.c
@ -91,6 +91,10 @@ main(argc, argv)
 	int ch, first;
 	char line[256];

+	/* revoke */
+	setegid(getgid());
+	setgid(getgid());
+
 	lflag = 0;
 	while ((ch = getopt(argc, argv, "l")) != EOF)
 		switch (ch) {
--- a/games/pig/pig.c
+++ b/games/pig/pig.c
@ -61,6 +61,10 @@ main(argc, argv)
 	int ch;
 	char buf[1024];

+	/* revoke */
+	setegid(getgid());
+	setgid(getgid());
+
 	while ((ch = getopt(argc, argv, "")) != EOF)
 		switch(ch) {
 		case '?':
--- a/games/pom/pom.c
+++ b/games/pom/pom.c
@ -79,6 +79,10 @@ main()
 	double days, today, tomorrow;
 	int cnt;

+	/* revoke */
+	setegid(getgid());
+	setgid(getgid());
+
 	(void) time(&tt);
 	GMT = gmtime(&tt);
 	days = (GMT->tm_yday + 1) + ((GMT->tm_hour +
--- a/games/ppt/ppt.c
+++ b/games/ppt/ppt.c
@ -52,6 +52,10 @@ main(argc, argv)
 	register int c;
 	register char *p;

+	/* revoke */
+	setegid(getgid());
+	setgid(getgid());
+
 	(void) puts("___________");
 	if (argc > 1)
 		while (p = *++argv)
--- a/games/primes/primes.c
+++ b/games/primes/primes.c
@ -115,6 +115,10 @@ main(argc, argv)
 	int ch;
 	char *p;

+	/* revoke */
+	setegid(getgid());
+	setgid(getgid());
+
 	while ((ch = getopt(argc, argv, "")) != EOF)
 		switch (ch) {
 		case '?':
--- a/games/quiz/quiz.c
+++ b/games/quiz/quiz.c
@ -81,6 +81,10 @@ main(argc, argv)
 	register int ch;
 	char *indexfile;

+	/* revoke */
+	setegid(getgid());
+	setgid(getgid());
+
 	indexfile = _PATH_QUIZIDX;
 	while ((ch = getopt(argc, argv, "i:t")) != EOF)
 		switch(ch) {
--- a/games/rain/rain.c
+++ b/games/rain/rain.c
@ -80,6 +80,10 @@ main(argc, argv)
 	int xpos[5], ypos[5];
 	static void onsig();

+	/* revoke */
+	setegid(getgid());
+	setgid(getgid());
+
 	if (!(term = getenv("TERM"))) {
 		fprintf(stderr, "%s: TERM: parameter not set\n", *argv);
 		exit(1);
--- a/games/random/random.c
+++ b/games/random/random.c
@ -66,6 +66,10 @@ main(argc, argv)
 	int ch, random_exit, selected, unbuffer_output;
 	char *ep;

+	/* revoke */
+	setegid(getgid());
+	setgid(getgid());
+
 	random_exit = unbuffer_output = 0;
 	while ((ch = getopt(argc, argv, "er")) != EOF)
 		switch (ch) {
--- a/games/robots/main.c
+++ b/games/robots/main.c
@ -56,6 +56,10 @@ char	**av;
 	extern int	Max_per_uid;
 	void quit();

+	/* revoke */
+	setegid(getgid());
+	setgid(getgid());
+
 	show_only = FALSE;
 	if (ac > 1) {
 		bad_arg = FALSE;
@ -64,8 +68,6 @@ char	**av;
 				if (isdigit(av[0][0]))
 					Max_per_uid = atoi(av[0]);
 				else {
-					setuid(getuid());
-					setgid(getgid());
 					Scorefile = av[0];
 # ifdef	FANCY
 					sp = rindex(Scorefile, '/');
--- a/games/snake/snake/snake.c
+++ b/games/snake/snake/snake.c
@ -93,6 +93,9 @@ int repeat=1;
 long tv;
 char *tn;

+int rawscores;
+FILE *logfile;
+
 main(argc,argv)
 int argc;
 char **argv;
@ -103,6 +106,13 @@ char **argv;
 	long atol();
 	void stop();

+	rawscores = open(_PATH_RAWSCORES, O_RDWR|O_CREAT, 0644);
+	logfile = fopen(_PATH_LOGFILE, "a");
+
+	/* revoke privs */
+	setegid(getgid());
+	setgid(getgid());
+
 	(void)time(&tv);
 	srandom((int)tv);

@ -464,7 +474,6 @@ post(iscore, flag)
 int	iscore, flag;
 {
 	short	score = iscore;
-	int	rawscores;
 	short	uid;
 	short	oldbest=0;
 	short	allbwho=0, allbscore=0;
@ -477,7 +486,7 @@ int	iscore, flag;
 		pr("No saved scores for uid %d.\n", uid);
 		return(1);
 	}
-	if ((rawscores = open(_PATH_RAWSCORES, O_RDWR|O_CREAT, 0644)) < 0) {
+	if (rawscores == -1) {
 		pr("No score file %s: %s.\n", _PATH_RAWSCORES,
 		    strerror(errno));
 		return(1);
@ -880,10 +889,9 @@ int num;
 logit(msg)
 char *msg;
 {
-	FILE *logfile;
 	long t;

-	if ((logfile=fopen(_PATH_LOGFILE, "a")) != NULL) {
+	if (logfile != NULL) {
 		time(&t);
 		fprintf(logfile, "%s $%d %dx%d %s %s",
 		    getlogin(), cashvalue, lcnt, ccnt, msg, ctime(&t));
--- a/games/snake/snscore/snscore.c
+++ b/games/snake/snscore/snscore.c
@ -68,10 +68,16 @@ main()
 	struct	passwd	*p;

 	fd = fopen(recfile, "r");
+
 	if (fd == NULL) {
 		perror(recfile);
 		exit(1);
 	}
+
+	/* revoke privs */
+	setegid(getgid());
+	setgid(getgid());
+
 	printf("Snake players scores to date\n");
 	fread(&whoallbest, sizeof(short), 1, fd);
 	fread(&allbest, sizeof(short), 1, fd);
--- a/games/trek/main.c
+++ b/games/trek/main.c
@ -161,6 +161,8 @@ char	**argv;
 	register char		**av;
 	struct	sgttyb		argp;

+	setgid(getgid());
+
 	av = argv;
 	ac = argc;
 	av++;
--- a/games/worm/worm.c
+++ b/games/worm/worm.c
@ -85,6 +85,10 @@ main(argc, argv)
 {
 	char ch;

+	/* revoke */
+	setegid(getgid());
+	setgid(getgid());
+
 	if (argc == 2)
 		start_len = atoi(argv[1]);
 	if ((start_len <= 0) || (start_len > 500))
--- a/games/worms/worms.c
+++ b/games/worms/worms.c
@ -201,6 +201,10 @@ main(argc, argv)
 	struct sgttyb tt;
 	extern short ospeed;

+	/* revoke */
+	setegid(getgid());
+	setgid(getgid());
+
 	length = 16;
 	number = 3;
 	trail = ' ';
--- a/games/wump/wump.c
+++ b/games/wump/wump.c
@ -111,6 +111,10 @@ main(argc, argv)
 	extern char *optarg;
 	int c;

+	/* revoke */
+	setegid(getgid());
+	setgid(getgid());
+
 #ifdef DEBUG
 	while ((c = getopt(argc, argv, "a:b:hp:r:t:d")) != EOF)
 #else