--- gamegrid.el.~1.14.~ 2003-02-04 08:20:41.000000000 -0500
+++ gamegrid.el 2003-02-26 09:53:19.000000000 -0500
@@ -437,13 +437,17 @@
 (defun gamegrid-add-score-with-update-game-score (file score)
 (let* ((result nil)
 (errbuf (generate-new-buffer " *update-game-score loss*"))
+ (securetarget (expand-file-name file shared-game-score-directory))
 (have-shared-game-dir
- (not (zerop (logand (file-modes
- (expand-file-name "update-game-score"
- exec-directory))
- #o4000))))
+ (and (not (zerop (logand (file-modes
+ (expand-file-name "update-game-score"
+ exec-directory))
+ #o4000)))
+ ;; The game file must already exist; otherwise a user could
+ ;; do malicious things with a setuid update-game-score
+ (file-exists-p securetarget)))
 (target (if have-shared-game-dir
- (expand-file-name file shared-game-score-directory)
+ securetarget
 (let ((f (expand-file-name
 gamegrid-user-score-file-directory)))
 (when (file-writable-p f)
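Review bot: The new `(file-exists-p securetarget)` test runs in the user's own Emacs, so it cannot stop anyone from invoking the setuid `update-game-score` directly. The guarantee the comment describes has to be enforced inside the helper itself, and the comment should say so, e.g. `;; Advisory only: update-game-score must itself refuse to create score files.` Separately, `securetarget` is built by `expand-file-name` from an unchecked `file`, so an absolute name or one containing `..` resolves outside `shared-game-score-directory` and can still pass the existence test; consider `(and (string= file (file-name-nondirectory file)) (file-exists-p securetarget))`. There is also a gap between this check and the helper run, which is presumably harmless only if the shared directory is not user-writable. The function body continues past the end of the hunk, so how `target` reaches the helper is not visible here.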