Bug#859318: pyracerz: Games crashes with Permission denied when writing highscores

James Cowgill jcowgill at debian.org
Sun Apr 2 15:52:33 UTC 2017 

Hi,

On 02/04/17 14:38, Markus Koschany wrote:
> Am 02.04.2017 um 09:33 schrieb Andrej Mernik:
>> Package: pyracerz
>> Version: 0.2-8
>> Severity: normal
>>
>> Dear Maintainer,
>>
>> the game crashes when it tries to write the highscore file:
>>
>> Traceback (most recent call last):
>>   File "/usr/games/pyracerz", line 280, in <module>
>>     if __name__ == '__main__': main()
>>   File "/usr/games/pyracerz", line 251, in main
>>     challenge.Challenge(thePlayer)
>>   File "/usr/share/games/pyracerz/modules/challenge.py", line 65, in __init__
>>     chrono = chalRace.play()
>>   File "/usr/share/games/pyracerz/modules/game.py", line 550, in play
>>     self.computeScores(currentTrack)
>>   File "/usr/share/games/pyracerz/modules/game.py", line 613, in computeScores
>>     if misc.addHiScore(track, play) == 1:
>>   File "/usr/share/games/pyracerz/modules/misc.py", line 185, in addHiScore
>>     fwrite = file("/var/games/pyracerz/pyracerz.conf", "w+")
>> IOError: [Errno 13] Permission denied: '/var/games/pyracerz/pyracerz.conf'
>>
>>
>> $ ls -al /var/games/pyracerz/pyracerz.conf
>> -rw-rw-r-- 1 root games 1208 apr  2 08:48 /var/games/pyracerz/pyracerz.conf
> 
> Your user must be a member of group "games". I think the error handling
> can be improved but otherwise this works as intended.

No. The "games" group is for allowing high scores to be stored in
/var/games. The executables are setgid and are in the "games" group to
allow this [1]. The problem is that pyracerz is a python game and the
kernel ignores the setgid bit on scripts.

You could workaround this by using a helper executable (which would be
safe because it would exec an absolute path which only root can write
to). That would make the package arch:any though and I'm not sure it's
worth it.

[1] Policy 11.11

James

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-games-devel/attachments/20170402/2baed6fa/attachment.sig>

More information about the Pkg-games-devel mailing list