Bug#1124328: kobodeluxe: is setgid, can this be avoided?
Simon McVittie
smcv at debian.org
Tue Dec 30 18:27:40 GMT 2025
Package: kobodeluxe
Version: 0.5.1-11
Severity: wishlist
User: pkg-games-devel at lists.alioth.debian.org
Usertags: setgid
The /usr/games/kobodl executable is setgid games.

Because this game depends on libraries that make no attempt to avoid
privilege escalation from the caller to the games group, this use of
setgid is basically security theatre: it's essentially equivalent to
making the high scores world-writable.

In particular, because this game depends on SDL, it's very easy to use
it to escalate privileges to the games group. SDL is not designed to be
used by set*id executables (reference:
https://github.com/libsdl-org/SDL/issues/14717).

Discussion on the debian-devel-games list starting at
https://lists.debian.org/debian-devel-games/2025/12/msg00016.html (or
equivalently
https://lists.debian.org/msgid-search/aVFQ7HtjX7cYSnIp@remnant.pseudorandom.co.uk)
indicates that several games team members think the complexity cost and
security implications of games being setgid are too high a price to pay
for a shared high-score table on multi-user systems.

Could this game be modified to save high scores to a per-user location
instead? In SDL 2, SDL_PrefPath() is likely to be the most suitable
place. Unfortunately SDL 1.2 does not provide that function, but it
could be copied or reimplemented if necessary.
Thanks,
smcv
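As an added illustration (not part of the bug report or the kobodeluxe sources), this is what a reimplementation of the SDL_PrefPath() lookup for an SDL 1.2 game could look like on Linux: it follows the XDG Base Directory convention ($XDG_DATA_HOME/<org>/<app>/, falling back to $HOME/.local/share/<org>/<app>/) and creates the directory with a user-private mode, so no setgid bit and no group-writable file are needed. The organisation and application names are assumed placeholders.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Compute the per-user data directory. The environment values are passed
 * in as arguments so the function is testable without touching the real
 * environment. XDG_DATA_HOME is only honoured when it is an absolute path,
 * as the XDG spec requires; otherwise fall back to $HOME/.local/share.
 * Returns 0 on success, -1 if no usable base directory or buffer too small. */
int pref_path(const char *xdg_data_home, const char *home,
              const char *org, const char *app, char *out, size_t outlen)
{
    int n;
    if (xdg_data_home && xdg_data_home[0] == '/')
        n = snprintf(out, outlen, "%s/%s/%s/", xdg_data_home, org, app);
    else if (home && home[0] == '/')
        n = snprintf(out, outlen, "%s/.local/share/%s/%s/", home, org, app);
    else
        return -1;
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Convenience wrapper returning the path in a static buffer, or NULL. */
const char *pref_path_str(const char *xdg_data_home, const char *home,
                          const char *org, const char *app)
{
    static char buf[4096];
    return pref_path(xdg_data_home, home, org, app, buf, sizeof buf) == 0
               ? buf : NULL;
}

/* "mkdir -p" for the computed path (which always ends in '/'). Mode 0700
 * keeps the score directory private to the user instead of group-writable. */
int mkdir_p(const char *path)
{
    char tmp[4096];
    size_t len = strlen(path);
    if (len == 0 || len >= sizeof tmp) return -1;
    memcpy(tmp, path, len + 1);
    for (char *p = tmp + 1; *p; p++) {
        if (*p != '/') continue;
        *p = '\0';
        if (mkdir(tmp, 0700) != 0 && errno != EEXIST) return -1;
        *p = '/';
    }
    return 0;
}

/* What the game itself would call: read the real environment. Placeholder
 * organisation/app names; a real port would use the project's own. */
const char *user_score_dir(void)
{
    return pref_path_str(getenv("XDG_DATA_HOME"), getenv("HOME"),
                         "example-org", "kobodl");
}
```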