[Pkg-games-devel] Another joiner!

Miriam Ruiz little_miry at yahoo.es
Fri Jan 13 14:11:22 UTC 2006


Hi :)

Steve Kemp <steve at steve.org.uk> wrote:
[...]
>   This is largely because many games are setgid(games) so
>  they can write to global highscore files.  (Other cases
>  are mostly gone.  Previously many games were setuid(0) to
>  interface with svgalib, etc.)
> 
>   I've been tempted more than once to start a debate about
>  global highscores.  I think that too many games are setgid
>  for no other reason, and that in many many cases a Debian
>  installation used for games is going to be a single-user system.

In my opinion setuid(0) should not be used for that, as it opens a potential
security hole which in most of the games is quite real, as they're not really
usually designed for handling attacks (buffer overflows, badly handled
temporary files, ...)

It would be nice to develop some guidelines to handle points like that, as
they're quite common to many games.

>   If that really is the case then it might make more sense
>  to patch games to save highscores somewhere beneath $HOME and
>  drop the setgid bit wholly.

It would be sensible to do something like that, but that makes a different
highscore list for every user that runs the program. Is this the desired
behaviour? Or do users prefer to have a common highscore list to share with
other users of the computer? I'm not really sure I have the answer for that.
In any case, we should find a way to handle common highscore lists without the
need for setuid(0). Maybe using some special group and permissions? I have no
clue.

>   Anyway the games I maintain are largely dead upstream, so
>  I don't do a whole lot with them.  Every now and again I'll
>  make a new upload to change the standards version, or tweak
>  the menufile.  But otherwise I think I could say I'm not
>  really maintaining them as such.

That also happens to some of my packages, as their upstreams consider them as
totally finished and will not release a new version. That's not really a bad
thing for a game, as it needn't be continuously growing (at least not every
kind of game needs), but has the disadvantage that I must do upstream
maintaining myself (like porting to gcc4, changes of API in game libraries, ...).

>   I would imagine that one of the goals of the games list would
>  be to update each game so that any member could upload them?
>  Kinda like how GNOME, etc, work.  Is that the case?

Well, that's the idea I have in mind for the group, like setting up a
subversion repository and maintaining them in a collaborative way, something
like KDE team does or so. This has lots of advantages over the one package-one
developer approach.

Anyway, the group is open to individual maintainers who don't want to share
this methodology but want to join us in discussing many topics related to games
packaging.

Greetings,
Miry
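
The pattern the thread is circling around, as an added example that is not part of the original message or of any Debian package: a setgid(games) binary opens the shared highscore file as its only privileged step, gives the group up permanently before any game code runs, and falls back to a file beneath $HOME when no shared file is available. The function names and the per-user file name are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700   /* setregid(), O_NOFOLLOW, O_CLOEXEC */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up the setgid group. Returns 0 on success. */
int drop_setgid(void)
{
    gid_t rgid = getgid(), old_egid = getegid();
    /* Setting the real gid also overwrites the saved set-group-ID. */
    if (setregid(rgid, rgid) != 0)
        return -1;
    /* Verify: regaining the old group must now be impossible. */
    if (old_egid != rgid && setegid(old_egid) == 0)
        return -1;
    return getegid() == rgid ? 0 : -1;
}

/* Build the per-user path "<home>/.<game>.scores" (name is an assumption). */
int user_score_path(const char *home, const char *game, char *buf, size_t n)
{
    if (home == NULL || home[0] != '/')
        return -1;
    int len = snprintf(buf, n, "%s/.%s.scores", home, game);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

/* Open the score file, then drop the group before returning.
 * *shared is 1 for the global file, 0 for the per-user fallback. */
int open_scores(const char *shared_path, const char *home,
                const char *game, int *shared)
{
    char path[4096];
    /* The only privileged step. O_NOFOLLOW refuses a planted symlink. */
    int fd = open(shared_path, O_RDWR | O_NOFOLLOW | O_CLOEXEC);
    if (drop_setgid() != 0) {           /* fail closed */
        if (fd >= 0)
            close(fd);
        return -1;
    }
    *shared = (fd >= 0);
    if (fd >= 0)
        return fd;                      /* fd stays writable after the drop */
    if (user_score_path(home, game, path, sizeof path) != 0)
        return -1;
    return open(path, O_RDWR | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
}
```

Called first thing in main(), this leaves a later buffer overflow or temporary-file bug in the game with one already-open score file descriptor instead of the games group itself.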


