Bug#930128: tint: Error creating /var/games/tint.scores
Package: tint Version: 0.05+b1 Followup-For: Bug #930128 Hi, I've looked into this a bit more, and I've found commit a05fa0e30c (in the Debian git repository [1]). This commit references #769296, which I will now quote: Ernest Adrogué writes: > As long as the player is in group "games" making tint.scores > group-writeable should be enough to fix the problem. No need to setgid > the tint executable. The maintainer (Ricardo Mones) documented this solution in /usr/share/doc/tint/README.Debian. However, I think this solution is inferior to making the binary setgid "games" for a couple reasons: a) Most games in Debian use the setgid method. I don't see why TINT should be any different. b) If a user is part of the "games" group, that user may tamper with the score file. If the binary is setgid "games", users may only write to the score file through TINT itself. Looking at the moon buggy package, I believe the following patch should make the binary setgid "games" (I tested it out on my machine and it works): From 085c8eb8e021c271c1c57311decc638d53276459 Mon Sep 17 00:00:00 2001 From: Asher Gordon Date: Mon, 9 Dec 2019 19:13:37 -0500 Subject: [PATCH] Install binary as setgid games. Users now no longer have to be part of the group "games" to save highscores. Also remove README.Debian since it is no longer relevant. --- debian/README.Debian | 12 debian/rules | 13 + 2 files changed, 13 insertions(+), 12 deletions(-) delete mode 100644 debian/README.Debian diff --git a/debian/README.Debian b/debian/README.Debian deleted file mode 100644 index 2ccdf2b..000 --- a/debian/README.Debian +++ /dev/null @@ -1,12 +0,0 @@ - -TINT Is Not Tetris for Debian -- - - Users which are allowed to update the scores file must be added to the - "games" group, otherwise an error message is printed after entering - your name: "Error creating /var/games/tint.scores" - - Simplest method is running "adduser games" as root. User - session must also be restarted to make this change effective. - - -- Ricardo Mones Sat, 26 Jan 2019 13:59:03 +0100 diff --git a/debian/rules b/debian/rules index 2d33f6a..45e9016 100755 --- a/debian/rules +++ b/debian/rules @@ -1,4 +1,17 @@ #!/usr/bin/make -f +PACKAGE = tint + +# setgid games to access highscore files +INSTALL_GAME = install -p -o root -g games -m 2755 + %: dh $@ + +override_dh_install: + dh_install -X usr/games/$(PACKAGE) + # setgid games + $(INSTALL_GAME) $(PACKAGE) debian/$(PACKAGE)/usr/games/ + +override_dh_fixperms: + dh_fixperms -X usr/games/$(PACKAGE) -- 2.24.0 Note that I have also removed README.Debian in the above patch because it is no longer relevant. Thanks, Asher P.S. I am going to attempt to add a patch tag to this bug (since I added a patch), but I don't know if I have permission to do so, so it may not work (I've never tried before). Footnotes: [1] https://salsa.debian.org/games-team/tint.git -- : The following (relative to AutoSplit 1.03) attempts to please everyone : and perhaps pleases no one: I think that's way cool. -- Larry Wall in <199709292015.naa09...@wall.org> GPG fingerprint: 38F3 975C D173 4037 B397 8095 D4C9 C4FC 5460 8E68 signature.asc Description: PGP signature
Bug#930128: tint: Error creating /var/games/tint.scores
Package: tint Version: 0.05+b1 Followup-For: Bug #930128 Hi Mark, Mark Van den Borre writes: > May I suggest updating the default high scores file to the user's home > directory? A better solution would be to have /usr/games/tint binary be owned by the group "games" and set the set-group-ID bit. This would allow it to write /var/games/tint.scores since that file is writable by the "games" group. This solution is better than having the high scores file in the user's home directory, because this way if multiple users are playing, they can each see each others high scores. In fact, many games in Debian do this already (take moon-buggy for example). You can work around this bug by changing the group and set-group-ID bit yourself: $ su Password: # chown root:games /usr/games/tint # chmod g+s /usr/games/tint # exit $ ls -l /usr/games/tint -rwxr-sr-x 1 root games 27032 Aug 7 04:48 /usr/games/tint* $ tint Choose a level to start [1-9]: 1 PLAYER STATISTICS Score 186 Efficiency -1 Score ratio 8 Congratulations! You have a new high score. Enter your name [asher]: Asher TINT HIGH SCORES Rank ScoreName 1* 186Asher Hopefully you get a better score than I did, but as you can see, it did save the score. By the way: I played TINT a while ago, and I'm pretty sure this bug wasn't present then (most likely someone accidentally removed the set-group-ID bit from the package since then). Also, in my opinion, the severity of this bug should be important or even serious since saving high scores are a big part of the game. But I'll leave that up to the Maintainers to decide. Asher -- It's better to be quotable than to be honest. -- Tom Stoppard GPG fingerprint: 38F3 975C D173 4037 B397 8095 D4C9 C4FC 5460 8E68 -- System Information: Debian Release: bullseye/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 5.3.0-2-amd64 (SMP w/2 CPU cores) Kernel taint flags: TAINT_FIRMWARE_WORKAROUND Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages tint depends on: ii libc62.29-3 ii libncurses6 6.1+20191019-1 ii libtinfo66.1+20191019-1 tint recommends no packages. tint suggests no packages. -- no debconf information signature.asc Description: PGP signature
Bug#930128: tint: Error creating /var/games/tint.scores
Package: tint Version: 0.04+nmu1+b2 Severity: minor Dear Maintainer, By default, when trying to finishing a game, tint tries to create a high scores file in /var/games/tint.scores. When run as an ordinary user, it doesn't have sufficient permissions to do so. May I suggest updating the default high scores file to the user's home directory? Thank you for your work on Debian! Kind regards, Mark -- System Information: Debian Release: 10.0 APT prefers stable APT policy: (500, 'stable'), (101, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386, armhf Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=nl_BE.UTF-8, LC_CTYPE=nl_BE.UTF-8 (charmap=UTF-8), LANGUAGE=nl_BE:nl (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages tint depends on: ii libc62.28-10 ii libncurses5 6.1+20181013-2 ii libtinfo56.1+20181013-2 tint recommends no packages. tint suggests no packages. -- no debconf information