Package: tint Version: 0.05+b1 Followup-For: Bug #930128 Hi,
I've looked into this a bit more, and I've found commit a05fa0e30c (in
the Debian git repository [1]). This commit references #769296, which I
will now quote:
Ernest Adrogué <nfdi...@gmail.com> writes:
> As long as the player is in group "games" making tint.scores
> group-writeable should be enough to fix the problem. No need to setgid
> the tint executable.
The maintainer (Ricardo Mones) documented this solution in
/usr/share/doc/tint/README.Debian. However, I think this solution is
inferior to making the binary setgid "games" for a couple reasons:
a) Most games in Debian use the setgid method. I don't see why TINT
should be any different.
b) If a user is part of the "games" group, that user may tamper with
the score file. If the binary is setgid "games", users may only
write to the score file through TINT itself.
Looking at the moon buggy package, I believe the following patch should
make the binary setgid "games" (I tested it out on my machine and it
works):
From 085c8eb8e021c271c1c57311decc638d53276459 Mon Sep 17 00:00:00 2001 From: Asher Gordon <asd...@posteo.net> Date: Mon, 9 Dec 2019 19:13:37 -0500 Subject: [PATCH] Install binary as setgid games. Users now no longer have to be part of the group "games" to save highscores. Also remove README.Debian since it is no longer relevant. --- debian/README.Debian | 12 ------------ debian/rules | 13 +++++++++++++ 2 files changed, 13 insertions(+), 12 deletions(-) delete mode 100644 debian/README.Debian diff --git a/debian/README.Debian b/debian/README.Debian deleted file mode 100644 index 2ccdf2b..0000000 --- a/debian/README.Debian +++ /dev/null @@ -1,12 +0,0 @@ - -TINT Is Not Tetris for Debian ------------------------------ - - Users which are allowed to update the scores file must be added to the - "games" group, otherwise an error message is printed after entering - your name: "Error creating /var/games/tint.scores" - - Simplest method is running "adduser <username> games" as root. User - session must also be restarted to make this change effective. - - -- Ricardo Mones <mo...@debian.org> Sat, 26 Jan 2019 13:59:03 +0100 diff --git a/debian/rules b/debian/rules index 2d33f6a..45e9016 100755 --- a/debian/rules +++ b/debian/rules @@ -1,4 +1,17 @@ #!/usr/bin/make -f +PACKAGE = tint + +# setgid games to access highscore files +INSTALL_GAME = install -p -o root -g games -m 2755 + %: dh $@ + +override_dh_install: + dh_install -X usr/games/$(PACKAGE) + # setgid games + $(INSTALL_GAME) $(PACKAGE) debian/$(PACKAGE)/usr/games/ + +override_dh_fixperms: + dh_fixperms -X usr/games/$(PACKAGE) -- 2.24.0
Note that I have also removed README.Debian in the above patch because it is no longer relevant. Thanks, Asher P.S. I am going to attempt to add a patch tag to this bug (since I added a patch), but I don't know if I have permission to do so, so it may not work (I've never tried before). Footnotes: [1] https://salsa.debian.org/games-team/tint.git -- : The following (relative to AutoSplit 1.03) attempts to please everyone : and perhaps pleases no one: I think that's way cool. -- Larry Wall in <199709292015.naa09...@wall.org> GPG fingerprint: 38F3 975C D173 4037 B397 8095 D4C9 C4FC 5460 8E68
signature.asc
Description: PGP signature
