Package: dodgindiamond2 Version: 0.2.2-5.1 Severity: wishlist User: [email protected] Usertags: setgid
The /usr/games/dodgindiamond2 executable is setgid games. Because this game depends on libraries that make no attempt to avoid privilege escalation from the caller to the games group, this use of setgid is basically security theatre: it's essentially equivalent to making the high scores world-writeable. In particular, because this game depends on SDL, it's very easy to use it to escalate privileges to the games group. SDL is not designed to be used by set*id executables (reference: https://github.com/libsdl-org/SDL/issues/14717). Discussion on the debian-devel-games list starting at https://lists.debian.org/debian-devel-games/2025/12/msg00016.html (or equivalently https://lists.debian.org/msgid-search/[email protected]) indicates that several games team members think the complexity cost and security implications of games being setgid are too high a price to pay for shared high scores on multi-user systems. Could this game be modified to save game state to a per-user location instead? In SDL 2 or later, the SDL_PrefPath() is likely to be the most suitable place. Unfortunately SDL 1.2 doesn't have that function, but it could be copied or reimplemented if necessary: on Unix, it's an implementation of XDG_DATA_HOME from the XDG Base Directory specification <https://specifications.freedesktop.org/basedir/latest/> (typically it will end up using a subdirectory of ~/.local/share named after the game). Ideally the game would copy the high score file from /var/games/dodgindiamond2/hiscore into the appropriate location in the user's home directory during startup in order to preserve existing high scores. Thanks, smcv
