As gentoo doesnt follow the standard of setting games to setgid a low privileged group, any user in group games can create symlinks in /var/games/nethack/save, allowing them to trick other users to overwriting or creating files. reproduce: cd /var/games/nethack/save ln -s /any/file/victim/owns <uid><username>.bz2 now get victim to run nethack, when they save their game target file will be overwritten or created. This only affects gentoo, and is not a bug in nethack.
See, this is not *at all* what you explained to me this morning. Had you used *this* example, you would have convinced me that *something* needs to be done to resolve this. I'm still not convinced that setgid is the answer, but something should be done. =]
Games team, please advise
Late.
Regrouping nethack / group games issues. *** This bug has been marked as a duplicate of 125902 ***