26 files changed, 216 insertions, 75 deletions

diff --git a/canfield/canfield/canfield.c b/canfield/canfield/canfield.c
index f13e1eb9..854bf2eb 100644
--- a/canfield/canfield/canfield.c
+++ b/canfield/canfield/canfield.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: canfield.c,v 1.14 1999/09/09 17:30:19 jsm Exp $	*/
+/*	$NetBSD: canfield.c,v 1.15 1999/09/12 09:02:20 jsm Exp $	*/
 
 /*
  * Copyright (c) 1980, 1993
@@ -43,7 +43,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 1993\n\
 #if 0
 static char sccsid[] = "@(#)canfield.c	8.1 (Berkeley) 5/31/93";
 #else
-__RCSID("$NetBSD: canfield.c,v 1.14 1999/09/09 17:30:19 jsm Exp $");
+__RCSID("$NetBSD: canfield.c,v 1.15 1999/09/12 09:02:20 jsm Exp $");
 #endif
 #endif /* not lint */
 
@@ -1683,8 +1683,14 @@ initall()
 	if (uid < 0)
 		uid = 0;
 	dbfd = open(_PATH_SCORE, O_RDWR);
+
+	/* Revoke setgid privileges */
+	setregid(getgid(), getgid());
+
 	if (dbfd < 0)
 		return;
+	if (dbfd < 3)
+		exit(1);
 	i = lseek(dbfd, uid * sizeof(struct betinfo), SEEK_SET);
 	if (i < 0) {
 		close(dbfd);
diff --git a/canfield/cfscores/cfscores.c b/canfield/cfscores/cfscores.c
index 84216877..b4a291b5 100644
--- a/canfield/cfscores/cfscores.c
+++ b/canfield/cfscores/cfscores.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: cfscores.c,v 1.7 1999/09/08 21:17:46 jsm Exp $	*/
+/*	$NetBSD: cfscores.c,v 1.8 1999/09/12 09:02:20 jsm Exp $	*/
 
 /*
  * Copyright (c) 1983, 1993
@@ -43,7 +43,7 @@ __COPYRIGHT("@(#) Copyright (c) 1983, 1993\n\
 #if 0
 static char sccsid[] = "@(#)cfscores.c	8.1 (Berkeley) 5/31/93";
 #else
-__RCSID("$NetBSD: cfscores.c,v 1.7 1999/09/08 21:17:46 jsm Exp $");
+__RCSID("$NetBSD: cfscores.c,v 1.8 1999/09/12 09:02:20 jsm Exp $");
 #endif
 #endif /* not lint */
 
@@ -79,6 +79,9 @@ main(argc, argv)
 	struct passwd *pw;
 	int uid;
 
+	/* Revoke setgid privileges */
+	setregid(getgid(), getgid());
+
 	if (argc > 2) {
 		printf("Usage: cfscores [user]\n");
 		exit(1);
diff --git a/cribbage/crib.c b/cribbage/crib.c
index 83a9e422..7cf7647a 100644
--- a/cribbage/crib.c
+++ b/cribbage/crib.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: crib.c,v 1.11 1999/09/08 21:17:47 jsm Exp $	*/
+/*	$NetBSD: crib.c,v 1.12 1999/09/12 09:02:21 jsm Exp $	*/
 
 /*-
  * Copyright (c) 1980, 1993
@@ -43,12 +43,13 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 1993\n\
 #if 0
 static char sccsid[] = "@(#)crib.c	8.1 (Berkeley) 5/31/93";
 #else
-__RCSID("$NetBSD: crib.c,v 1.11 1999/09/08 21:17:47 jsm Exp $");
+__RCSID("$NetBSD: crib.c,v 1.12 1999/09/12 09:02:21 jsm Exp $");
 #endif
 #endif /* not lint */
 
 #include <curses.h>
 #include <err.h>
+#include <fcntl.h>
 #include <signal.h>
 #include <stdlib.h>
 #include <string.h>
@@ -69,6 +70,28 @@ main(argc, argv)
 	BOOLEAN playing;
 	FILE *f;
 	int ch;
+	int fd;
+	int flags;
+
+	f = fopen(_PATH_LOG, "a");
+	if (f == NULL)
+		warn("fopen %s", _PATH_LOG);
+	if (f != NULL && fileno(f) < 3)
+		exit(1);
+
+	/* Revoke setgid privileges */
+	setregid(getgid(), getgid());
+
+	/* Set close-on-exec flag on log file */
+	if (f != NULL) {
+		fd = fileno(f);
+		flags = fcntl(fd, F_GETFD);
+		if (flags < 0)
+			err(1, "fcntl F_GETFD");
+		flags |= FD_CLOEXEC;
+		if (fcntl(fd, F_SETFD, flags) == -1)
+			err(1, "fcntl F_SETFD");
+	}
 
 	while ((ch = getopt(argc, argv, "eqr")) != -1)
 		switch (ch) {
@@ -129,14 +152,12 @@ main(argc, argv)
 		playing = (getuchar() == 'Y');
 	} while (playing);
 
-	if ((f = fopen(_PATH_LOG, "a")) != NULL) {
+	if (f != NULL) {
 		(void)fprintf(f, "%s: won %5.5d, lost %5.5d\n",
 		    getlogin(), cgames, pgames);
 		(void) fclose(f);
 	}
 	bye();
-	if (!f)
-		errx(1, "can't open %s", _PATH_LOG);
 	exit(0);
 }
 
diff --git a/fish/fish.c b/fish/fish.c
index 1ce39130..b522a7b4 100644
--- a/fish/fish.c
+++ b/fish/fish.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: fish.c,v 1.9 1999/09/08 21:17:48 jsm Exp $	*/
+/*	$NetBSD: fish.c,v 1.10 1999/09/12 09:02:21 jsm Exp $	*/
 
 /*-
  * Copyright (c) 1990, 1993
@@ -46,7 +46,7 @@ __COPYRIGHT("@(#) Copyright (c) 1990, 1993\n\
 #if 0
 static char sccsid[] = "@(#)fish.c	8.1 (Berkeley) 5/31/93";
 #else
-__RCSID("$NetBSD: fish.c,v 1.9 1999/09/08 21:17:48 jsm Exp $");
+__RCSID("$NetBSD: fish.c,v 1.10 1999/09/12 09:02:21 jsm Exp $");
 #endif
 #endif /* not lint */
 
@@ -104,7 +104,8 @@ main(argc, argv)
 {
 	int ch, move;
 
-	setgid(getgid());
+	/* Revoke setgid privileges */
+	setregid(getgid(), getgid());
 
 	while ((ch = getopt(argc, argv, "p")) != -1)
 		switch(ch) {
diff --git a/gomoku/main.c b/gomoku/main.c
index e7f0448f..7b8fc674 100644
--- a/gomoku/main.c
+++ b/gomoku/main.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: main.c,v 1.7 1999/09/08 21:45:27 jsm Exp $	*/
+/*	$NetBSD: main.c,v 1.8 1999/09/12 09:02:21 jsm Exp $	*/
 
 /*
  * Copyright (c) 1994
@@ -46,7 +46,7 @@ __COPYRIGHT("@(#) Copyright (c) 1994\n\
 #if 0
 static char sccsid[] = "@(#)main.c	8.4 (Berkeley) 5/4/95";
 #else
-__RCSID("$NetBSD: main.c,v 1.7 1999/09/08 21:45:27 jsm Exp $");
+__RCSID("$NetBSD: main.c,v 1.8 1999/09/12 09:02:21 jsm Exp $");
 #endif
 #endif /* not lint */
 
@@ -98,6 +98,9 @@ main(argc, argv)
 		"%3d        %-6s"
 	};
 
+	/* Revoke setgid privileges */
+	setregid(getgid(), getgid());
+
 	color = curmove = 0;
 
 	prog = strrchr(argv[0], '/');
diff --git a/hangman/main.c b/hangman/main.c
index 8d448e03..1cc88e78 100644
--- a/hangman/main.c
+++ b/hangman/main.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: main.c,v 1.6 1999/09/08 21:45:28 jsm Exp $	*/
+/*	$NetBSD: main.c,v 1.7 1999/09/12 09:02:21 jsm Exp $	*/
 
 /*
  * Copyright (c) 1983, 1993
@@ -43,7 +43,7 @@ __COPYRIGHT("@(#) Copyright (c) 1983, 1993\n\
 #if 0
 static char sccsid[] = "@(#)main.c	8.1 (Berkeley) 5/31/93";
 #else
-__RCSID("$NetBSD: main.c,v 1.6 1999/09/08 21:45:28 jsm Exp $");
+__RCSID("$NetBSD: main.c,v 1.7 1999/09/12 09:02:21 jsm Exp $");
 #endif
 #endif /* not lint */
 
@@ -55,6 +55,9 @@ __RCSID("$NetBSD: main.c,v 1.6 1999/09/08 21:45:28 jsm Exp $");
 int
 main(void)
 {
+	/* Revoke setgid privileges */
+	setregid(getgid(), getgid());
+
 	initscr();
 	signal(SIGINT, die);
 	setup();
diff --git a/mille/mille.c b/mille/mille.c
index 9991c500..a41cd832 100644
--- a/mille/mille.c
+++ b/mille/mille.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: mille.c,v 1.8 1999/09/08 21:45:28 jsm Exp $	*/
+/*	$NetBSD: mille.c,v 1.9 1999/09/12 09:02:21 jsm Exp $	*/
 
 /*
  * Copyright (c) 1982, 1993
@@ -43,7 +43,7 @@ __COPYRIGHT("@(#) Copyright (c) 1982, 1993\n\
 #if 0
 static char sccsid[] = "@(#)mille.c	8.1 (Berkeley) 5/31/93";
 #else
-__RCSID("$NetBSD: mille.c,v 1.8 1999/09/08 21:45:28 jsm Exp $");
+__RCSID("$NetBSD: mille.c,v 1.9 1999/09/12 09:02:21 jsm Exp $");
 #endif
 #endif /* not lint */
 
@@ -61,8 +61,8 @@ main(ac, av)
 {
 	bool	restore;
 
-	/* run as the user */
-	setuid(getuid());
+	/* Revoke setgid privileges */
+	setregid(getgid(), getgid());
 
 	if (strcmp(av[0], "a.out") == 0) {
 		outf = fopen("q", "w");
diff --git a/monop/monop.c b/monop/monop.c
index 5b071759..289f2b12 100644
--- a/monop/monop.c
+++ b/monop/monop.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: monop.c,v 1.8 1999/09/09 17:27:59 jsm Exp $	*/
+/*	$NetBSD: monop.c,v 1.9 1999/09/12 09:02:22 jsm Exp $	*/
 
 /*
  * Copyright (c) 1980, 1993
@@ -43,7 +43,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 1993\n\
 #if 0
 static char sccsid[] = "@(#)monop.c	8.1 (Berkeley) 5/31/93";
 #else
-__RCSID("$NetBSD: monop.c,v 1.8 1999/09/09 17:27:59 jsm Exp $");
+__RCSID("$NetBSD: monop.c,v 1.9 1999/09/12 09:02:22 jsm Exp $");
 #endif
 #endif /* not lint */
 
@@ -67,6 +67,9 @@ main(ac, av)
 	int ac;
 	char *av[];
 {
+	/* Revoke setgid privileges */
+	setregid(getgid(), getgid());
+
 	srand(getpid());
 	if (ac > 1) {
 		if (!rest_f(av[1]))
diff --git a/morse/morse.c b/morse/morse.c
index d9086e8e..2e2a2c01 100644
--- a/morse/morse.c
+++ b/morse/morse.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: morse.c,v 1.7 1999/09/08 21:17:53 jsm Exp $	*/
+/*	$NetBSD: morse.c,v 1.8 1999/09/12 09:02:22 jsm Exp $	*/
 
 /*
  * Copyright (c) 1988, 1993
@@ -43,7 +43,7 @@ __COPYRIGHT("@(#) Copyright (c) 1988, 1993\n\
 #if 0
 static char sccsid[] = "@(#)morse.c	8.1 (Berkeley) 5/31/93";
 #else
-__RCSID("$NetBSD: morse.c,v 1.7 1999/09/08 21:17:53 jsm Exp $");
+__RCSID("$NetBSD: morse.c,v 1.8 1999/09/12 09:02:22 jsm Exp $");
 #endif
 #endif /* not lint */
 
@@ -114,6 +114,9 @@ main(argc, argv)
 	int ch;
 	char *s, *p;
 
+	/* Revoke setgid privileges */
+	setregid(getgid(), getgid());
+
 	while ((ch = getopt(argc, argv, "ds")) != -1)
 		switch((char)ch) {
 		case 'd':
diff --git a/ppt/ppt.c b/ppt/ppt.c
index cef23a7f..befb1953 100644
--- a/ppt/ppt.c
+++ b/ppt/ppt.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: ppt.c,v 1.5 1997/10/10 16:48:39 lukem Exp $	*/
+/*	$NetBSD: ppt.c,v 1.6 1999/09/12 09:02:22 jsm Exp $	*/
 
 /*
  * Copyright (c) 1988, 1993
@@ -43,11 +43,12 @@ __COPYRIGHT("@(#) Copyright (c) 1988, 1993\n\
 #if 0
 static char sccsid[] = "@(#)ppt.c	8.1 (Berkeley) 5/31/93";
 #else
-__RCSID("$NetBSD: ppt.c,v 1.5 1997/10/10 16:48:39 lukem Exp $");
+__RCSID("$NetBSD: ppt.c,v 1.6 1999/09/12 09:02:22 jsm Exp $");
 #endif
 #endif /* not lint */
 
 #include <stdio.h>
+#include <unistd.h>
 
 	int	main __P((int, char *[]));
 static void	putppt __P((int));
@@ -60,6 +61,9 @@ main(argc, argv)
 	int c;
 	char *p;
 
+	/* Revoke setgid privileges */
+	setregid(getgid(), getgid());
+
 	(void) puts("___________");
 	if (argc > 1)
 		while ((p = *++argv) != NULL)
diff --git a/quiz/quiz.c b/quiz/quiz.c
index 96ede113..aec0ae78 100644
--- a/quiz/quiz.c
+++ b/quiz/quiz.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: quiz.c,v 1.14 1999/09/08 21:17:56 jsm Exp $	*/
+/*	$NetBSD: quiz.c,v 1.15 1999/09/12 09:02:22 jsm Exp $	*/
 
 /*-
  * Copyright (c) 1991, 1993
@@ -47,7 +47,7 @@ __COPYRIGHT("@(#) Copyright (c) 1991, 1993\n\
 #if 0
 static char sccsid[] = "@(#)quiz.c	8.3 (Berkeley) 5/4/95";
 #else
-__RCSID("$NetBSD: quiz.c,v 1.14 1999/09/08 21:17:56 jsm Exp $");
+__RCSID("$NetBSD: quiz.c,v 1.15 1999/09/12 09:02:22 jsm Exp $");
 #endif
 #endif /* not lint */
 
@@ -88,6 +88,9 @@ main(argc, argv)
 	int ch;
 	const char *indexfile;
 
+	/* Revoke setgid privileges */
+	setregid(getgid(), getgid());
+
 	indexfile = _PATH_QUIZIDX;
 	while ((ch = getopt(argc, argv, "i:t")) != -1)
 		switch(ch) {
diff --git a/robots/main.c b/robots/main.c
index f2f9c97f..af8e8b7a 100644
--- a/robots/main.c
+++ b/robots/main.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: main.c,v 1.10 1999/09/08 21:45:29 jsm Exp $	*/
+/*	$NetBSD: main.c,v 1.11 1999/09/12 09:02:22 jsm Exp $	*/
 
 /*
  * Copyright (c) 1980, 1993
@@ -43,7 +43,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 1993\n\
 #if 0
 static char sccsid[] = "@(#)main.c	8.1 (Berkeley) 5/31/93";
 #else
-__RCSID("$NetBSD: main.c,v 1.10 1999/09/08 21:45:29 jsm Exp $");
+__RCSID("$NetBSD: main.c,v 1.11 1999/09/12 09:02:22 jsm Exp $");
 #endif
 #endif /* not lint */
 
@@ -61,6 +61,17 @@ main(ac, av)
 	bool	show_only;
 	extern const char	*Scorefile;
 	extern int	Max_per_uid;
+	int		score_wfd; /* high score writable file descriptor */
+	int		score_err = 0; /* hold errno from score file open */
+
+	score_wfd = open(Scorefile, O_RDWR);
+	if (score_wfd < 0)
+		score_err = errno;
+	else if (score_wfd < 3)
+		exit(1);
+
+	/* Revoke setgid privileges */
+	setregid(getgid(), getgid());
 
 	show_only = FALSE;
 	Num_games = 1;
@@ -71,9 +82,12 @@ main(ac, av)
 				if (isdigit(av[0][0]))
 					Max_per_uid = atoi(av[0]);
 				else {
-					setuid(getuid());
-					setgid(getgid());
 					Scorefile = av[0];
+					if (score_wfd >= 0)
+						close(score_wfd);
+					score_wfd = open(Scorefile, O_RDWR);
+					if (score_wfd < 0)
+						score_err = errno;
 # ifdef	FANCY
 					sp = strrchr(Scorefile, '/');
 					if (sp == NULL)
@@ -128,6 +142,13 @@ main(ac, av)
 		/* NOTREACHED */
 	}
 
+	if (score_wfd < 0) {
+		errno = score_err;
+		warn("%s", Scorefile);
+		warnx("High scores will not be recorded!");
+		sleep(2);
+	}
+
 	initscr();
 	signal(SIGINT, quit);
 	crmode();
@@ -161,7 +182,7 @@ main(ac, av)
 			refresh();
 			if (Auto_bot)
 				sleep(1);
-			score();
+			score(score_wfd);
 			if (Auto_bot)
 				sleep(1);
 			refresh();
diff --git a/robots/robots.h b/robots/robots.h
index 3fcf5c1c..eb93806a 100644
--- a/robots/robots.h
+++ b/robots/robots.h
@@ -1,4 +1,4 @@
-/*	$NetBSD: robots.h,v 1.11 1999/09/08 21:17:57 jsm Exp $	*/
+/*	$NetBSD: robots.h,v 1.12 1999/09/12 09:02:22 jsm Exp $	*/
 
 /*
  * Copyright (c) 1980, 1993
@@ -39,6 +39,7 @@
 # include	<ctype.h>
 # include	<curses.h>
 # include	<err.h>
+# include	<errno.h>
 # include	<fcntl.h>
 # include	<pwd.h>
 # include	<setjmp.h>
@@ -137,7 +138,7 @@ void	quit __P((int)) __attribute__((__noreturn__));
 void	reset_count __P((void));
 int	rnd __P((int));
 COORD  *rnd_pos __P((void));
-void	score __P((void));
+void	score __P((int));
 void	set_name __P((SCORE *));
 void	show_score __P((void));
 int	sign __P((int));
diff --git a/robots/score.c b/robots/score.c
index ddc8ce56..ee0b5b18 100644
--- a/robots/score.c
+++ b/robots/score.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: score.c,v 1.9 1999/09/08 21:57:20 jsm Exp $	*/
+/*	$NetBSD: score.c,v 1.10 1999/09/12 09:02:22 jsm Exp $	*/
 
 /*
  * Copyright (c) 1980, 1993
@@ -38,7 +38,7 @@
 #if 0
 static char sccsid[] = "@(#)score.c	8.1 (Berkeley) 5/31/93";
 #else
-__RCSID("$NetBSD: score.c,v 1.9 1999/09/08 21:57:20 jsm Exp $");
+__RCSID("$NetBSD: score.c,v 1.10 1999/09/12 09:02:22 jsm Exp $");
 #endif
 #endif /* not lint */
 
@@ -116,18 +116,17 @@ write_score(inf)
  *	top list.
  */
 void
-score()
+score(score_wfd)
+	int score_wfd;
 {
-	int			inf;
+	int			inf = score_wfd;
 	SCORE			*scp;
 	int			uid;
 	bool			done_show = FALSE;
 
 	Newscore = FALSE;
-	if ((inf = open(Scorefile, O_RDWR)) < 0) {
-		warn("opening `%s'", Scorefile);
+	if (inf < 0)
 		return;
-	}
 
 	read_score(inf);
 
@@ -161,7 +160,7 @@ score()
 
 	if (!Newscore) {
 		Full_clear = FALSE;
-		close(inf);
+		lseek(inf, 0, SEEK_SET);
 		return;
 	}
 	else
@@ -191,7 +190,7 @@ score()
 	if (Newscore) {
 		write_score(inf);
 	}
-	close(inf);
+	lseek(inf, 0, SEEK_SET);
 }
 
 void
diff --git a/rogue/init.c b/rogue/init.c
index f06ca3b4..afa5245c 100644
--- a/rogue/init.c
+++ b/rogue/init.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: init.c,v 1.9 1999/09/09 17:27:59 jsm Exp $	*/
+/*	$NetBSD: init.c,v 1.10 1999/09/12 09:02:23 jsm Exp $	*/
 
 /*
  * Copyright (c) 1988, 1993
@@ -41,7 +41,7 @@
 #if 0
 static char sccsid[] = "@(#)init.c	8.1 (Berkeley) 5/31/93";
 #else
-__RCSID("$NetBSD: init.c,v 1.9 1999/09/09 17:27:59 jsm Exp $");
+__RCSID("$NetBSD: init.c,v 1.10 1999/09/12 09:02:23 jsm Exp $");
 #endif
 #endif /* not lint */
 
@@ -57,6 +57,8 @@ __RCSID("$NetBSD: init.c,v 1.9 1999/09/09 17:27:59 jsm Exp $");
  *
  */
 
+#include <fcntl.h>
+
 #include "rogue.h"
 
 char login_name[MAX_OPT_LEN];
@@ -72,6 +74,7 @@ boolean no_skull = 0;
 boolean passgo = 0;
 const char *error_file = "rogue.esave";
 const char *byebye_string = "Okay, bye bye!";
+gid_t gid, egid;
 
 int
 init(argc, argv)
@@ -80,6 +83,16 @@ init(argc, argv)
 {
 	const char *pn;
 	int seed;
+	int fd;
+
+	gid = getgid();
+	egid = getegid();
+	setegid(gid);
+	/* Check for dirty tricks with closed fds 0, 1, 2 */
+	fd = open("/dev/null", O_RDONLY);
+	if (fd < 3)
+		exit(1);
+	close(fd);
 
 	seed = 0;
 	pn = md_gln();
diff --git a/rogue/machdep.c b/rogue/machdep.c
index 7e23ebf0..841f7b01 100644
--- a/rogue/machdep.c
+++ b/rogue/machdep.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: machdep.c,v 1.9 1998/11/10 13:01:32 hubertf Exp $	*/
+/*	$NetBSD: machdep.c,v 1.10 1999/09/12 09:02:23 jsm Exp $	*/
 
 /*
  * Copyright (c) 1988, 1993
@@ -41,7 +41,7 @@
 #if 0
 static char sccsid[] = "@(#)machdep.c	8.1 (Berkeley) 5/31/93";
 #else
-__RCSID("$NetBSD: machdep.c,v 1.9 1998/11/10 13:01:32 hubertf Exp $");
+__RCSID("$NetBSD: machdep.c,v 1.10 1999/09/12 09:02:23 jsm Exp $");
 #endif
 #endif /* not lint */
 
@@ -471,10 +471,13 @@ md_lock(l)
 	short tries;
 
 	if (l) {
+		setegid(egid);
 		if ((fd = open(_PATH_SCOREFILE, O_RDONLY)) < 1) {
+			setegid(gid);
 			message("cannot lock score file", 0);
 			return;
 		}
+		setegid(gid);
 		for (tries = 0; tries < 5; tries++)
 			if (!flock(fd, LOCK_EX|LOCK_NB))
 				return;
@@ -500,10 +503,6 @@ md_shell(shell)
 	int w;
 
 	if (!fork()) {
-		int uid;
-
-		uid = getuid();
-		setuid(uid);
 		execl(shell, shell, 0);
 	}
 	wait(&w);
diff --git a/rogue/rogue.h b/rogue/rogue.h
index 92d49c09..0bf1e105 100644
--- a/rogue/rogue.h
+++ b/rogue/rogue.h
@@ -1,4 +1,4 @@
-/*	$NetBSD: rogue.h,v 1.9 1999/09/08 21:45:30 jsm Exp $	*/
+/*	$NetBSD: rogue.h,v 1.10 1999/09/12 09:02:23 jsm Exp $	*/
 
 /*
  * Copyright (c) 1988, 1993
@@ -457,6 +457,8 @@ extern char *CL;
  */
 #include <stdio.h>
 #include <string.h>
+#include <sys/types.h>
+#include <unistd.h>
 
 object	*alloc_object __P((void));
 object	*check_duplicate __P((object *, object *));
@@ -817,3 +819,5 @@ extern	short	r_rings;
 extern	short	regeneration;
 extern	short	ring_exp;
 extern	short	stealthy;
+extern	gid_t	gid;
+extern	gid_t	egid;
diff --git a/rogue/score.c b/rogue/score.c
index bc4f580f..3ef52dcd 100644
--- a/rogue/score.c
+++ b/rogue/score.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: score.c,v 1.7 1998/11/10 13:01:32 hubertf Exp $	*/
+/*	$NetBSD: score.c,v 1.8 1999/09/12 09:02:23 jsm Exp $	*/
 
 /*
  * Copyright (c) 1988, 1993
@@ -41,7 +41,7 @@
 #if 0
 static char sccsid[] = "@(#)score.c	8.1 (Berkeley) 5/31/93";
 #else
-__RCSID("$NetBSD: score.c,v 1.7 1998/11/10 13:01:32 hubertf Exp $");
+__RCSID("$NetBSD: score.c,v 1.8 1999/09/12 09:02:23 jsm Exp $");
 #endif
 #endif /* not lint */
 
@@ -213,11 +213,14 @@ put_scores(monster, other)
 
 	md_lock(1);
 
+	setegid(egid);
 	if ((fp = fopen(_PATH_SCOREFILE, "r+")) == NULL &&
 	    (fp = fopen(_PATH_SCOREFILE, "w+")) == NULL) {
+		setegid(gid);
 		message("cannot read/write/create score file", 0);
 		sf_error();
 	}
+	setegid(gid);
 	rewind(fp);
 	(void) xxx(1);
 
diff --git a/snake/snake/snake.c b/snake/snake/snake.c
index a356a02f..c3a69681 100644
--- a/snake/snake/snake.c
+++ b/snake/snake/snake.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: snake.c,v 1.12 1999/09/08 21:57:21 jsm Exp $	*/
+/*	$NetBSD: snake.c,v 1.13 1999/09/12 09:02:23 jsm Exp $	*/
 
 /*
  * Copyright (c) 1980, 1993
@@ -43,7 +43,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 1993\n\
 #if 0
 static char sccsid[] = "@(#)snake.c	8.2 (Berkeley) 1/7/94";
 #else
-__RCSID("$NetBSD: snake.c,v 1.12 1999/09/08 21:57:21 jsm Exp $");
+__RCSID("$NetBSD: snake.c,v 1.13 1999/09/12 09:02:23 jsm Exp $");
 #endif
 #endif				/* not lint */
 
@@ -101,6 +101,9 @@ int     repeat = 1;
 time_t  tv;
 char   *tn;
 
+int rawscores;
+FILE *logfile;
+
 int main __P((int, char **));
 
 int
@@ -112,6 +115,20 @@ main(argc, argv)
 	extern int optind;
 	int     ch, i;
 
+	/* Open score files then revoke setgid privileges */
+	rawscores = open(_PATH_RAWSCORES, O_RDWR|O_CREAT, 0664);
+	if (rawscores < 0) {
+		warn("open %s", _PATH_RAWSCORES);
+		sleep(2);
+	} else if (rawscores < 3)
+		exit(1);
+	logfile = fopen(_PATH_LOGFILE, "a");
+	if (logfile == NULL) {
+		warn("fopen %s", _PATH_LOGFILE);
+		sleep(2);
+	}
+	setregid(getgid(), getgid());
+
 	(void) time(&tv);
 	srandom((int) tv);
 
@@ -498,9 +515,8 @@ post(iscore, flag)
 		pr("No saved scores for uid %d.\n", uid);
 		return (1);
 	}
-	if ((rawscores = open(_PATH_RAWSCORES, O_RDWR | O_CREAT, 0644)) < 0) {
-		pr("No score file %s: %s.\n", _PATH_RAWSCORES,
-		    strerror(errno));
+	if (rawscores < 0) {
+		/* Error reported earlier */
 		return (1);
 	}
 	/* Figure out what happened in the past */
@@ -532,7 +548,7 @@ post(iscore, flag)
 			pr("You set a new record!\n");
 	} else
 		pr("The highest is %s with $%d\n", p->pw_name, allbscore);
-	close(rawscores);
+	lseek(rawscores, 0, SEEK_SET);
 	return (1);
 }
 
@@ -935,13 +951,12 @@ void
 logit(msg)
 	const char   *msg;
 {
-	FILE   *logfile;
 	time_t  t;
 
-	if ((logfile = fopen(_PATH_LOGFILE, "a")) != NULL) {
+	if (logfile != NULL) {
 		time(&t);
 		fprintf(logfile, "%s $%d %dx%d %s %s",
 		    getlogin(), cashvalue, lcnt, ccnt, msg, ctime(&t));
-		fclose(logfile);
+		fflush(logfile);
 	}
 }
diff --git a/snake/snscore/snscore.c b/snake/snscore/snscore.c
index e50fed75..65b6b228 100644
--- a/snake/snscore/snscore.c
+++ b/snake/snscore/snscore.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: snscore.c,v 1.10 1999/09/09 17:28:00 jsm Exp $	*/
+/*	$NetBSD: snscore.c,v 1.11 1999/09/12 09:02:23 jsm Exp $	*/
 
 /*
  * Copyright (c) 1980, 1993
@@ -43,7 +43,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 1993\n\
 #if 0
 static char sccsid[] = "@(#)snscore.c	8.1 (Berkeley) 7/19/93";
 #else
-__RCSID("$NetBSD: snscore.c,v 1.10 1999/09/09 17:28:00 jsm Exp $");
+__RCSID("$NetBSD: snscore.c,v 1.11 1999/09/12 09:02:23 jsm Exp $");
 #endif
 #endif /* not lint */
 
@@ -53,6 +53,7 @@ __RCSID("$NetBSD: snscore.c,v 1.10 1999/09/09 17:28:00 jsm Exp $");
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <unistd.h>
 #include "pathnames.h"
 
 const char *recfile = _PATH_RAWSCORES;
@@ -77,6 +78,9 @@ main()
 	const	char *q;
 	struct	passwd	*p;
 
+	/* Revoke setgid privileges */
+	setregid(getgid(), getgid());
+
 	fd = fopen(recfile, "r");
 	if (fd == NULL)
 		err(1, "opening `%s'", recfile);
diff --git a/tetris/scores.c b/tetris/scores.c
index a93c2ef5..7f3e4115 100644
--- a/tetris/scores.c
+++ b/tetris/scores.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: scores.c,v 1.5 1999/09/08 21:18:00 jsm Exp $	*/
+/*	$NetBSD: scores.c,v 1.6 1999/09/12 09:02:23 jsm Exp $	*/
 
 /*-
  * Copyright (c) 1992, 1993
@@ -51,6 +51,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <sys/stat.h>
 #include <time.h>
 #include <termcap.h>
 #include <unistd.h>
@@ -96,6 +97,7 @@ getscores(fpp)
 	FILE **fpp;
 {
 	int sd, mint, lck;
+	mode_t mask;
 	const char *mstr, *human;
 	FILE *sf;
 
@@ -110,10 +112,14 @@ getscores(fpp)
 		human = "reading";
 		lck = LOCK_SH;
 	}
+	setegid(egid);
+	mask = umask(S_IWOTH);
 	sd = open(_PATH_SCOREFILE, mint, 0666);
+	(void)umask(mask);
 	if (sd < 0) {
 		if (fpp == NULL) {
 			nscores = 0;
+			setegid(gid);
 			return;
 		}
 		(void)fprintf(stderr, "tetris: cannot open %s for %s: %s\n",
@@ -125,6 +131,7 @@ getscores(fpp)
 		    _PATH_SCOREFILE, human, strerror(errno));
 		exit(1);
 	}
+	setegid(gid);
 
 	/*
 	 * Grab a lock.
diff --git a/tetris/tetris.c b/tetris/tetris.c
index 3cf9f360..f1f096a8 100644
--- a/tetris/tetris.c
+++ b/tetris/tetris.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: tetris.c,v 1.11 1999/09/08 21:45:31 jsm Exp $	*/
+/*	$NetBSD: tetris.c,v 1.12 1999/09/12 09:02:24 jsm Exp $	*/
 
 /*-
  * Copyright (c) 1992, 1993
@@ -50,6 +50,7 @@ __COPYRIGHT("@(#) Copyright (c) 1992, 1993\n\
 
 #include <sys/time.h>
 
+#include <fcntl.h>
 #include <signal.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -61,6 +62,8 @@ __COPYRIGHT("@(#) Copyright (c) 1992, 1993\n\
 #include "screen.h"
 #include "tetris.h"
 
+gid_t	gid, egid;
+
 static	void	elide __P((void));
 static	void	setup_board __P((void));
 	int	main __P((int, char **));
@@ -121,6 +124,16 @@ main(argc, argv)
 	register int level = 2;
 	char key_write[6][10];
 	int ch, i, j;
+	int fd;
+
+	gid = getgid();
+	egid = getegid();
+	setegid(gid);
+
+	fd = open("/dev/null", O_RDONLY);
+	if (fd < 3)
+		exit(1);
+	close(fd);
 
 	keys = "jkl pq";
 
diff --git a/tetris/tetris.h b/tetris/tetris.h
index 97a28234..44a8b3b9 100644
--- a/tetris/tetris.h
+++ b/tetris/tetris.h
@@ -1,4 +1,4 @@
-/*	$NetBSD: tetris.h,v 1.6 1999/09/08 21:18:01 jsm Exp $	*/
+/*	$NetBSD: tetris.h,v 1.7 1999/09/12 09:02:24 jsm Exp $	*/
 
 /*-
  * Copyright (c) 1992, 1993
@@ -38,6 +38,8 @@
  *	@(#)tetris.h	8.1 (Berkeley) 5/31/93
  */
 
+#include <sys/types.h>
+
 /*
  * Definitions for Tetris.
  */
@@ -166,6 +168,7 @@ long	fallrate;		/* less than 1 million; smaller => faster */
  * still be moved or rotated).
  */
 int	score;			/* the obvious thing */
+extern gid_t	gid, egid;
 
 char	key_msg[100];
 int	showpreview;
diff --git a/trek/main.c b/trek/main.c
index db9c85e0..5461bcce 100644
--- a/trek/main.c
+++ b/trek/main.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: main.c,v 1.6 1997/10/13 22:18:32 cjs Exp $	*/
+/*	$NetBSD: main.c,v 1.7 1999/09/12 09:02:24 jsm Exp $	*/
 
 /*
  * Copyright (c) 1980, 1993
@@ -43,7 +43,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 1993\n\
 #if 0
 static char sccsid[] = "@(#)main.c	8.1 (Berkeley) 5/31/93";
 #else
-__RCSID("$NetBSD: main.c,v 1.6 1997/10/13 22:18:32 cjs Exp $");
+__RCSID("$NetBSD: main.c,v 1.7 1999/09/12 09:02:24 jsm Exp $");
 #endif
 #endif /* not lint */
 
@@ -175,6 +175,9 @@ char	**argv;
 	char		**av;
 	struct	termios		argp;
 
+	/* Revoke setgid privileges */
+	setregid(getgid(), getgid());
+
 	av = argv;
 	ac = argc;
 	av++;
diff --git a/worm/worm.c b/worm/worm.c
index 47e242c3..588ce96b 100644
--- a/worm/worm.c
+++ b/worm/worm.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: worm.c,v 1.15 1999/09/09 17:28:00 jsm Exp $	*/
+/*	$NetBSD: worm.c,v 1.16 1999/09/12 09:02:24 jsm Exp $	*/
 
 /*
  * Copyright (c) 1980, 1993
@@ -43,7 +43,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 1993\n\
 #if 0
 static char sccsid[] = "@(#)worm.c	8.1 (Berkeley) 5/31/93";
 #else
-__RCSID("$NetBSD: worm.c,v 1.15 1999/09/09 17:28:00 jsm Exp $");
+__RCSID("$NetBSD: worm.c,v 1.16 1999/09/12 09:02:24 jsm Exp $");
 #endif
 #endif /* not lint */
 
@@ -102,6 +102,9 @@ main(argc, argv)
 {
 	char ch;
 
+	/* Revoke setgid privileges */
+	setregid(getgid(), getgid());
+
 	if (argc == 2)
 		start_len = atoi(argv[1]);
 	if ((start_len <= 0) || (start_len > 500))
diff --git a/wump/wump.c b/wump/wump.c
index 93fc6c5f..c1918920 100644
--- a/wump/wump.c
+++ b/wump/wump.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: wump.c,v 1.11 1999/09/10 10:47:56 kleink Exp $	*/
+/*	$NetBSD: wump.c,v 1.12 1999/09/12 09:02:24 jsm Exp $	*/
 
 /*
  * Copyright (c) 1989, 1993
@@ -47,7 +47,7 @@ __COPYRIGHT("@(#) Copyright (c) 1989, 1993\n\
 #if 0
 static char sccsid[] = "@(#)wump.c	8.1 (Berkeley) 5/31/93";
 #else
-__RCSID("$NetBSD: wump.c,v 1.11 1999/09/10 10:47:56 kleink Exp $");
+__RCSID("$NetBSD: wump.c,v 1.12 1999/09/12 09:02:24 jsm Exp $");
 #endif
 #endif /* not lint */
 
@@ -147,6 +147,9 @@ main(argc, argv)
 {
 	int c;
 
+	/* Revoke setgid privileges */
+	setregid(getgid(), getgid());
+
 #ifdef DEBUG
 	while ((c = getopt(argc, argv, "a:b:hp:r:t:d")) != -1)
 #else