NetBSD Problem Report #34149
From dholland@eecs.harvard.edu Sun Aug 6 15:36:00 2006
Return-Path: <dholland@eecs.harvard.edu>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by narn.NetBSD.org (Postfix) with ESMTP id 387E063B8C3
for <gnats-bugs@gnats.NetBSD.org>; Sun, 6 Aug 2006 15:36:00 +0000 (UTC)
Message-Id: <20060806153434.0DDB6FA41@tanaqui.eecs.harvard.edu>
Date: Sun, 6 Aug 2006 11:34:33 -0400 (EDT)
From: dholland@eecs.harvard.edu
Reply-To: dholland@eecs.harvard.edu
To: gnats-bugs@NetBSD.org
Subject: angband-tty doesn't work
X-Send-Pr-Version: 3.95
>Number: 34149
>Category: pkg
>Synopsis: angband-tty doesn't work after recent update
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: pkg-manager
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Aug 06 15:40:00 +0000 2006
>Closed-Date: Tue Nov 20 18:14:40 +0000 2018
>Last-Modified: Mon Nov 26 07:20:00 +0000 2018
>Originator: David A. Holland <dholland@eecs.harvard.edu>
>Release: NetBSD 2.0_RC4
>Organization:
>Environment:
NetBSD bantha 2.0_RC4 NetBSD 2.0_RC4 (GENERIC) #0: Sun Oct 17 19:11:36 UTC 2004 autobuild@tgm.netbsd.org:/autobuild/netbsd-2-0/i386/OBJ/autobuild/netbsd-2-0/src/sys/arch/i386/compile/GENERIC i386
Architecture: i386
Machine: i386
>Description:
After the last commit (1.27) of angband-tty's makefile, it doesn't work.
>How-To-Repeat:
% angband
angband: Fatal Error.
%
>Fix:
Index: games/angband-tty/Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/games/angband-tty/Makefile,v
retrieving revision 1.27
diff -u -r1.27 Makefile
--- games/angband-tty/Makefile 3 Jul 2006 05:15:49 -0000 1.27
+++ games/angband-tty/Makefile 6 Aug 2006 15:31:22 -0000
@@ -27,6 +27,7 @@
.endif
INSTALLATION_DIRS= bin
+SETGIDGAME= yes
do-install:
${INSTALL} -d -o bin -g games -m 0775 ${PREFIX}/share/angband
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed
State-Changed-By: cube@netbsd.org
State-Changed-When: Sun, 06 Aug 2006 18:02:39 +0000
State-Changed-Why:
Patch applied, thanks!
From: Quentin Garnier <cube@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc:
Subject: PR/34149 CVS commit: pkgsrc/games/angband-tty
Date: Sun, 6 Aug 2006 18:00:05 +0000 (UTC)
Module Name: pkgsrc
Committed By: cube
Date: Sun Aug 6 18:00:05 UTC 2006
Modified Files:
pkgsrc/games/angband-tty: Makefile
Log Message:
Restore setgid bit (and other related properties) on installed binary.
Bump PKGREVISION.
PR#34149 by David A. Holland.
To generate a diff of this commit:
cvs rdiff -r1.27 -r1.28 pkgsrc/games/angband-tty/Makefile
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: closed->open
State-Changed-By: cube@netbsd.org
State-Changed-When: Sun, 06 Aug 2006 18:28:18 +0000
State-Changed-Why:
Patch un-applied: SETGIDGAME is not to be set by a package.
From: dholland@eecs.harvard.edu (David Holland)
To: gnats-bugs@NetBSD.org
Cc: pkg-manager@netbsd.org, pkgsrc-bugs@netbsd.org,
gnats-admin@netbsd.org, cube@netbsd.org, dholland@eecs.harvard.edu
Subject: Re: pkg/34149 (angband-tty doesn't work after recent update)
Date: Sun, 6 Aug 2006 17:40:19 -0400 (EDT)
> Patch un-applied: SETGIDGAME is not to be set by a package.
Hm... oops.
I admit I didn't look at (or look for) the documentation for
SETGIDGAME, but now that I have I don't think it would have stopped me
from drawing the conclusion that I did.
It should probably be renamed SETGIDGAMES, and the documentation
should say that it's not supposed to be set by packages. (Otherwise
doubtless other people will continue to make the same mistake. As of
yesterday three games set it explicitly: tanked, xgalaga, and
xscrabble.)
Probably a better long-term approach would be to have it go by putting
setgid in $(PKG_OPTIONS).foo, but that's also probably a lot of work.
As for fixing angband... before anyone goes in and starts patching it,
it's probably a good idea to update to the latest version. And to
clean up the divergence between angband-tty and angband-x11, too.
Sigh. And here I thought this was an easy one...
--
- David A. Holland / dholland@eecs.harvard.edu
From: Quentin Garnier <cube@cubidou.net>
To: David Holland <dholland@eecs.harvard.edu>
Cc: gnats-bugs@NetBSD.org
Subject: Re: pkg/34149 (angband-tty doesn't work after recent update)
Date: Sun, 6 Aug 2006 23:54:26 +0200
--HsYKTmaHn9HHfM39
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Sun, Aug 06, 2006 at 05:40:19PM -0400, David Holland wrote:
> > Patch un-applied: SETGIDGAME is not to be set by a package.
>=20
> Hm... oops.
>=20
> I admit I didn't look at (or look for) the documentation for
> SETGIDGAME, but now that I have I don't think it would have stopped me
> from drawing the conclusion that I did.
Well, I did that mistake too, so can't blame ya.
> It should probably be renamed SETGIDGAMES, and the documentation
> should say that it's not supposed to be set by packages. (Otherwise
> doubtless other people will continue to make the same mistake. As of
> yesterday three games set it explicitly: tanked, xgalaga, and
> xscrabble.)
>=20
> Probably a better long-term approach would be to have it go by putting
> setgid in $(PKG_OPTIONS).foo, but that's also probably a lot of work.
I don't think it makes much sense to not have it on by default when
installing with privileges. I'll start a discussion on tech-pkg.
> As for fixing angband... before anyone goes in and starts patching it,
> it's probably a good idea to update to the latest version. And to
> clean up the divergence between angband-tty and angband-x11, too.
Yeah. I'll ping the maintainer.
> Sigh. And here I thought this was an easy one...
Famous last words.
--=20
Quentin Garnier - cube@cubidou.net - cube@NetBSD.org
"When I find the controls, I'll go where I like, I'll know where I want
to be, but maybe for now I'll stay right here on a silent sea."
KT Tunstall, Silent Sea, Eye to the Telescope, 2004.
--HsYKTmaHn9HHfM39
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (NetBSD)
iQEVAwUBRNZlEtgoQloHrPnoAQKZFQf/ZTjxa97un+Q7CXsXf39hvBdKg56petaf
EHEHv3bvHY4UGRlkOSwnzLpla4MpyT+DcdhQcfz9lQvpNsF+1n6yQJe23WrdEcby
VPZkGN0nM6IQmqRl9Kj24FgGRadEgv3abFgCahfBV4iOGuq50GUOMT2O4LWK8VYm
ptchPxWAbxv2eiuSUAG10TW/v0dyhjjaRpdqnVakwcXO1tns2/7w0J4zlFuJaf65
V6rMV4GTtJSvlvB8OqgI6AgtCF61T0ue8EG1EvCwypj8squnlfOerbV3lV3ZpeWz
XZQ5cNQdXuyOFhsf61la9HkR8pHo9tcAd4hUKpo+LzdbtX8VnVw+gQ==
=rXN6
-----END PGP SIGNATURE-----
--HsYKTmaHn9HHfM39--
From: dholland@eecs.harvard.edu (David Holland)
To: cube@cubidou.net (Quentin Garnier)
Cc: dholland@eecs.harvard.edu (David Holland), gnats-bugs@NetBSD.org
Subject: Re: pkg/34149 (angband-tty doesn't work after recent update)
Date: Mon, 14 Aug 2006 17:22:27 -0400 (EDT)
> > Probably a better long-term approach would be to have it go by putting
> > setgid in $(PKG_OPTIONS).foo, but that's also probably a lot of work.
>
> I don't think it makes much sense to not have it on by default when
> installing with privileges. I'll start a discussion on tech-pkg.
Well, from a security perspective, it's probably a good idea not to
install random games (many of which are thoroughly insecure) setgid
without asking, just so they can keep a global high scores file.
Most such games don't just crap out instantly if run unprivileged,
though, like angband seems to.
It seems like it ought to be controllable on a per-package basis and
ought to default to on for some packages and not others... which the
current scheme doesn't support.
I'm not familiar enough with pkgsrc to go hack this up myself, at
least not without spending a fair amount of time on it, so tech-pkg is
probably a good idea.
--
- David A. Holland / dholland@eecs.harvard.edu
State-Changed-From-To: open->closed
State-Changed-By: maya@NetBSD.org
State-Changed-When: Tue, 20 Nov 2018 18:14:40 +0000
State-Changed-Why:
The patch did get applied in the end. It might be nice to have less privileged things, but (to be honest) a game being setgid is not the highest priority of the bunch.
From: David Holland <dholland-pbugs@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: pkg/34149 (angband-tty doesn't work after recent update)
Date: Mon, 26 Nov 2018 07:18:32 +0000
On Tue, Nov 20, 2018 at 06:14:40PM +0000, maya@NetBSD.org wrote:
> State-Changed-From-To: open->closed
> State-Changed-By: maya@NetBSD.org
> State-Changed-When: Tue, 20 Nov 2018 18:14:40 +0000
> State-Changed-Why:
>
> The patch did get applied in the end. It might be nice to have less
> privileged things, but (to be honest) a game being setgid is not
> the highest priority of the bunch.
For the record, when the PR was last touched in 2006 there were
pending questions about what SETGIDGAME was supposed to mean, and
whether pkgsrc ought to have a switch to turn off the setgid of games
that will run without (which doesn't include angband actually) -- all
that got sorted out later, SETGIDGAME has been deprecated for ages,
and I should have closed this PR years ago.
--
David A. Holland
dholland@netbsd.org
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.43 2018/01/16 07:36:43 maya Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2017
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
Home