Bug#1124329: angband: is setgid, can this be avoided?
Simon McVittie
smcv at debian.org
Tue Dec 30 18:39:04 GMT 2025
Package: angband
Version: 1:4.2.5+dfsg1-3
Severity: wishlist
User: pkg-games-devel at lists.alioth.debian.org
Usertags: setgid
The /usr/games/angband executable is setgid games.
Because this game depends on libraries that make no attempt to avoid
privilege escalation from the caller to the games group, this use of
setgid is basically security theatre: it's essentially equivalent to
making the high scores world-writeable.
In particular, because this game depends on SDL, it's very easy to use
it to escalate privileges to the games group. SDL is not designed to be
used by set*id executables (reference:
https://github.com/libsdl-org/SDL/issues/14717).
Discussion on the debian-devel-games list starting at
https://lists.debian.org/debian-devel-games/2025/12/msg00016.html (or
equivalently
https://lists.debian.org/msgid-search/aVFQ7HtjX7cYSnIp@remnant.pseudorandom.co.uk)
indicates that several games team members think the complexity cost and
security implications of games being setgid are too high a price to pay
for shared savegames and game state on multi-user systems.
Could this game be modified to save game state to a per-user location
instead? In SDL 2 or later, the SDL_PrefPath() is likely to be the most
suitable place.
To avoid data loss, it will probably be necessary to copy game state
from /var/games/angband into the new location for a transitional period.
If a transition path is added during the Debian 13 'forky' cycle, then
perhaps it could be removed when testing reopens after the Debian 14
'duke' release.
Thanks,
smcv
More information about the Pkg-games-devel
mailing list