From: ashpooljh <ashpooljh@users.noreply.github.com>
To: ml@inbox.vuxu.org
Subject: Re: nethack: fix SYSCF_FILE location
Date: Sat, 12 Dec 2020 00:40:49 +0100 [thread overview]
Message-ID: <20201211234049.uTdxfYEsnbSkvwSYqxvdd0YFSeFMZ2STIaRTI5A4QBs@z> (raw)
In-Reply-To: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-27036@inbox.vuxu.org>
[-- Attachment #1: Type: text/plain, Size: 2055 bytes --]
New comment by ashpooljh on void-packages repository
https://github.com/void-linux/void-packages/pull/27036#issuecomment-743483318
Comment:
As of `nethack-3.6.6_1`, the `nethack` binary is installed with the SGID bit (not SUID as I have written in the comment, sorry) and is owned by `nethack:nethack`. This is needed on multi-user systems so that the playground files (e.g. `/var/games/nethack/record`) are writable no matter what user runs the game.
To access these files, the game needs to chdir into the playground. The default path to the playground can be supplied using the `HACKDIR` macro at compile time, and the value can be overridden at runtime using a command line flag or an environment variable. This is where the `SECURE` macro comes in: if a path supplied during runtime is different from the default one (`HACKDIR`) and the `SECURE` macro is defined, the game sets `uid` and `gid` to those of the actual user running the binary. Without this, any user would be able to write into any directory as `:nethack`, which is somewhat of a security oopsie.
Except for the two occasions where this happens on the `unix` target ([1], [2]), I couldn't find any functional checks involving `SECURE`.
I was originally planning to make compile-time `HACKDIR` consistent with the install-time `HACKDIR` and keep `SECURE` undefined, because defining it would break the game: it would drop privs upon chdir into the non-`HACKDIR` playground, be unable to open `record` and exit. However, now I recognize the clever hack behind making `HACKDIR` different during compile-time: this allows to set a different directory as the _default_ playground, even if it's not where the binary is installed. I have therefore opted to leave this hack in place and define `SECURE` to mitigate the slight security risk of rogue `:nethack`.
[1]: https://github.com/NetHack/NetHack/blob/5c291bc54022f74a17985b6a54ac2174bba18700/sys/unix/unixmain.c#L477
[2]: https://github.com/NetHack/NetHack/blob/ac9ba384497879dd935bdf2aa86714dc2a35edd1/util/recover.c#L102
next prev parent reply other threads:[~2020-12-11 23:40 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-08 17:54 [PR PATCH] " ashpooljh
2020-12-08 18:51 ` [PR PATCH] [Updated] " ashpooljh
2020-12-08 18:52 ` ashpooljh
2020-12-08 19:08 ` ashpooljh
2020-12-08 19:10 ` ashpooljh
2020-12-08 19:13 ` leahneukirchen
2020-12-08 19:16 ` leahneukirchen
2020-12-10 9:55 ` [PR PATCH] [Updated] " ashpooljh
2020-12-10 10:02 ` ashpooljh
2020-12-10 10:04 ` ashpooljh
2020-12-11 15:10 ` [PR REVIEW] " ericonr
2020-12-11 16:05 ` ashpooljh
2020-12-11 16:06 ` ashpooljh
2020-12-11 16:16 ` ericonr
2020-12-11 23:26 ` [PR PATCH] [Updated] " ashpooljh
2020-12-11 23:40 ` ashpooljh [this message]
2020-12-11 23:41 ` ashpooljh
2020-12-11 23:43 ` ashpooljh
2020-12-11 23:49 ` ashpooljh
2020-12-12 1:44 ` ericonr
2020-12-12 9:32 ` [PR PATCH] [Updated] " ashpooljh
2020-12-12 9:48 ` ashpooljh
2020-12-16 1:26 ` ericonr
2020-12-16 1:26 ` [PR PATCH] [Merged]: " ericonr
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201211234049.uTdxfYEsnbSkvwSYqxvdd0YFSeFMZ2STIaRTI5A4QBs@z \
--to=ashpooljh@users.noreply.github.com \
--cc=ml@inbox.vuxu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).