From: ashpooljh <ashpooljh@users.noreply.github.com>
To: ml@inbox.vuxu.org
Subject: Re: nethack: fix SYSCF_FILE location
Date: Sat, 12 Dec 2020 00:49:25 +0100
Message-ID: <20201211234925.E3qwEvhTW0CghcUQpNs1e9yzbwP9yZstMGmJX7EL5PE@z>
In-Reply-To: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-27036@inbox.vuxu.org>
New comment by ashpooljh on void-packages repository
https://github.com/void-linux/void-packages/pull/27036#issuecomment-743483318
Comment:
As of `nethack-3.6.6_1`, the `nethack` binary is installed with the SGID bit (not SUID as I have written in the comment, sorry) and is owned by `nethack:nethack`. This is needed on multi-user systems so that the playground files (e.g. `/var/games/nethack/record`) are writable no matter what user runs the game.
To access these files, the game needs to chdir into the playground. A default path to the playground can be supplied using the `HACKDIR` macro at compile time, and the value can be overridden at runtime using a command line flag or an environment variable. This is where the `SECURE` macro comes in: if the path supplied during runtime is different from the default one (`HACKDIR`) and the `SECURE` macro is defined, the game sets `uid` and `gid` to those of the actual user running the binary. Without this, any user would be able to write into any directory as `:nethack`, which is somewhat of a security oopsie.
Except for the two occasions where this happens on the `unix` target ([1], [2]), I couldn't find any functional checks involving `SECURE`.
I was originally planning to make compile-time `HACKDIR` consistent with the install-time `HACKDIR` and keep `SECURE` undefined, because defining it would break the game: it would drop privs upon chdir into the non-`HACKDIR` playground, be unable to open `record` and exit. However, now I recognize the clever hack behind making `HACKDIR` different during compile-time: this allows setting a different directory as the _default_ playground, even if it's not where the binary is installed. I have therefore opted to leave this hack in place and define `SECURE` to mitigate the slight security risk of rogue-like `:nethack` (pun intended).
[1]: https://github.com/NetHack/NetHack/blob/5c291bc54022f74a17985b6a54ac2174bba18700/sys/unix/unixmain.c#L477
[2]: https://github.com/NetHack/NetHack/blob/ac9ba384497879dd935bdf2aa86714dc2a35edd1/util/recover.c#L102
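
The privilege drop that the comment above attributes to `SECURE`, as an added C example that is not part of the original message and is not NetHack's source. The names `DEFAULT_PLAYGROUND`, `must_drop_privileges`, `drop_setid_privileges` and `enter_playground` are hypothetical, and the path is an assumed stand-in for the compile-time `HACKDIR`.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumption: compiled-in default playground (plays the role of HACKDIR). */
#define DEFAULT_PLAYGROUND "/var/games/nethack"

/* Policy: a runtime-supplied directory other than the compiled-in default
 * is untrusted. Exact string match, so another spelling of the default
 * (trailing slash, symlink) fails closed and also triggers the drop. */
int must_drop_privileges(const char *dir)
{
    return dir != NULL && strcmp(dir, DEFAULT_PLAYGROUND) != 0;
}

/* Give up set-id privileges for good, group before user. Passing the real
 * ID as both arguments also resets the saved ID, so the old effective
 * gid/uid cannot be restored later. Returns 0 on success. */
int drop_setid_privileges(void)
{
    gid_t rgid = getgid();
    uid_t ruid = getuid();

    if (setregid(rgid, rgid) != 0 || setreuid(ruid, ruid) != 0)
        return -1;
    return (getegid() == rgid && geteuid() == ruid) ? 0 : -1;
}

/* Returns 1 if the playground was entered with privileges kept, 0 if it
 * was entered after dropping them, -1 on failure (caller should exit). */
int enter_playground(const char *dir)
{
    int drop = must_drop_privileges(dir);

    if (drop && drop_setid_privileges() != 0)
        return -1; /* never chdir elsewhere with privileges intact */
    if (chdir(dir ? dir : DEFAULT_PLAYGROUND) != 0)
        return -1;
    return drop ? 0 : 1;
}

int main(int argc, char **argv)
{
    int r = enter_playground(argc > 1 ? argv[1] : NULL);
    printf("enter_playground -> %d, egid=%ld\n", r, (long) getegid());
    return r < 0;
}
```

To observe the effect, install the compiled binary SGID to a dedicated group and compare the printed `egid` with and without a directory argument.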