Here's the patch I came up with for this. -- see shy jo
diff --new-file -ur tmp/xshisen-1.51-1/Makefile.in xshisen-1.51-1/Makefile.in
--- tmp/xshisen-1.51-1/Makefile.in 2003-10-29 11:49:58.000000000 -0500
+++ xshisen-1.51-1/Makefile.in 2005-01-27 01:56:36.000000000 -0500
@@ -17,7 +17,7 @@
XSHISENLIB = @datadir@/xshisen
XSHISENDAT = @sharedstatedir@
-CXXFLAGS = @CXXFLAGS@
+CXXFLAGS = @CXXFLAGS@ -DNO_GLOBAL_HIGHSCORE
CPPFLAGS = $(CPPOPTS) @CPPFLAGS@
CPPOPTS =
LDFLAGS = @LDFLAGS@
diff --new-file -ur tmp/xshisen-1.51-1/debian/README.Debian
xshisen-1.51-1/debian/README.Debian
--- tmp/xshisen-1.51-1/debian/README.Debian 1969-12-31 19:00:00.000000000
-0500
+++ xshisen-1.51-1/debian/README.Debian 2005-01-27 02:44:17.000000000 -0500
@@ -0,0 +1,4 @@
+Note that in the Debian package of xshisen, support for system-wide score
+files is disabled. This was done because xshisen is not written very
+securely, and a system-wide score file required the program to be installed
+setgid games.
diff --new-file -ur tmp/xshisen-1.51-1/debian/changelog
xshisen-1.51-1/debian/changelog
--- tmp/xshisen-1.51-1/debian/changelog 2005-01-19 15:21:19.000000000 -0500
+++ xshisen-1.51-1/debian/changelog 2005-01-27 02:47:32.000000000 -0500
@@ -1,3 +1,15 @@
+xshisen (1.51-1-1.2) unstable; urgency=HIGH
+
+ * NMU (at maintainer's request).
+ * Add NO_GLOBAL_HIGHSCORE define which crudely disables the support for
+ a global score file.
+ * Remove sgid bit. Closes: #291613, #292065
+ * Comment out code in postinst that set up /var/games/xshisen.scores,
+ but for now, do not delete that file on upgrade.
+ * Add README.Debian.
+
+ -- Joey Hess <[EMAIL PROTECTED]> Thu, 27 Jan 2005 02:42:26 -0500
+
xshisen (1.51-1-1.1) unstable; urgency=HIGH
* NMU
diff --new-file -ur tmp/xshisen-1.51-1/debian/postinst
xshisen-1.51-1/debian/postinst
--- tmp/xshisen-1.51-1/debian/postinst 2003-10-29 11:49:58.000000000 -0500
+++ xshisen-1.51-1/debian/postinst 2005-01-27 02:46:16.000000000 -0500
@@ -5,12 +5,12 @@
case "$1" in
configure)
- if [ ! -f /var/games/xshisen.scores ]; then
- cp -f /usr/share/games/xshisen/xshisen.scores \
- /var/games/xshisen.scores
- chown root.games /var/games/xshisen.scores
- chmod 664 /var/games/xshisen.scores
- fi
+# if [ ! -f /var/games/xshisen.scores ]; then
+# cp -f /usr/share/games/xshisen/xshisen.scores \
+# /var/games/xshisen.scores
+# chown root.games /var/games/xshisen.scores
+# chmod 664 /var/games/xshisen.scores
+#h fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
diff --new-file -ur tmp/xshisen-1.51-1/debian/rules xshisen-1.51-1/debian/rules
--- tmp/xshisen-1.51-1/debian/rules 2003-10-29 11:49:58.000000000 -0500
+++ xshisen-1.51-1/debian/rules 2005-01-27 02:45:32.000000000 -0500
@@ -64,8 +64,7 @@
DESTDIR=$(CURDIR)/debian/xshisen \
XSHISENDAT=$(CURDIR)/debian/xshisen/usr/share/games/xshisen \
XSHISENLIB=$(CURDIR)/debian/xshisen/usr/share/games/xshisen
- chown root.games $(CURDIR)/debian/xshisen/usr/games/xshisen
- chmod g+s $(CURDIR)/debian/xshisen/usr/games/xshisen
+ chown root.root $(CURDIR)/debian/xshisen/usr/games/xshisen
chmod 644
$(CURDIR)/debian/xshisen/usr/share/games/xshisen/xshisen.scores
# Build architecture-independent files here.
diff --new-file -ur tmp/xshisen-1.51-1/main.C xshisen-1.51-1/main.C
--- tmp/xshisen-1.51-1/main.C 2003-10-29 11:53:41.000000000 -0500
+++ xshisen-1.51-1/main.C 2005-01-27 02:27:48.000000000 -0500
@@ -353,6 +353,7 @@
delete[] scorefile;
if (globRes.scoreOnly) {
+#ifndef NO_GLOBAL_HIGHSCORE
sc->DisplayScore(initial_game_state);
#if USE_MOTIF
XtAddCallback(*sc, XmNokCallback, (XtCallbackProc)ExitCB, NULL);
@@ -360,6 +361,10 @@
XtAddCallback(XtNameToWidget(*sc, "*ok_button"),
XtNcallback, (XtCallbackProc)ExitCB, NULL);
#endif
+#else /* NO_GLOBAL_HIGHSCORE */
+ fprintf(stderr, "System score files not enabled.\n");
+ exit(1);
+#endif /* NO_GLOBAL_HIGHSCORE */
}
else {
GetGameSize(initial_game_state, num_piece_x, num_piece_y);
diff --new-file -ur tmp/xshisen-1.51-1/menubar.C xshisen-1.51-1/menubar.C
--- tmp/xshisen-1.51-1/menubar.C 2002-07-08 01:37:11.000000000 -0400
+++ xshisen-1.51-1/menubar.C 2005-01-27 02:22:48.000000000 -0500
@@ -158,8 +158,13 @@
(XtCallbackProc)GameCB, (XtPointer)1);
XtAddCallback(XtNameToWidget(menushell0, "button_2"), XtNcallback,
(XtCallbackProc)GameCB, (XtPointer)2);
+#ifdef NO_GLOBAL_HIGHSCORE
+ XtVaSetValues(XtNameToWidget(menushell0, "button_3"), XtNsensitive,
+ False, NULL);
+#else
XtAddCallback(XtNameToWidget(menushell0, "button_3"), XtNcallback,
(XtCallbackProc)GameCB, (XtPointer)3);
+#endif
XtAddCallback(XtNameToWidget(menushell0, "button_4"), XtNcallback,
(XtCallbackProc)GameCB, (XtPointer)4);
XtAddCallback(XtNameToWidget(menushell0, "button_5"), XtNcallback,
diff --new-file -ur tmp/xshisen-1.51-1/score.C xshisen-1.51-1/score.C
--- tmp/xshisen-1.51-1/score.C 2005-01-19 15:18:33.000000000 -0500
+++ xshisen-1.51-1/score.C 2005-01-27 02:59:34.000000000 -0500
@@ -374,6 +374,8 @@
struct passwd *pw;
char namebuf[142], myname[NAMELEN+1], gecos[128], *po;
+#ifndef NO_GLOBAL_HIGHSCORE
+
s1 = scoreToRegister / 1000;
ms_to_hms(scoreToRegister, h, m, s);
pw = getpwuid(getuid());
@@ -425,6 +427,7 @@
sprintf(rec[i].time, "%2.2d:%2.2d:%2.2d", tp->tm_hour, tp->tm_min,
tp->tm_sec);
if (writefile() == 0)
DisplayScore(game);
+#endif /* NO_GLOBAL_HIGHSCORE */
}
void
signature.asc
Description: Digital signature
