[Nix-dev] bsd-games-2.17: monop

Christopher Howard christopher.howard at frigidcode.com
Wed Jan 9 08:53:08 CET 2013

On 01/08/2013 09:00 PM, Florian Friesdorf wrote:
> Christopher Howard <christopher.howard at frigidcode.com> writes:
> I fixed this (https://github.com/NixOS/nixpkgs/issues/251) and also set
> the varlibdir to ".". Games should therefore create there score file in
> the directory they are started from. For beret we solved it the same way
> and it feels most flexible. Open for better ideas.
> thx for reporting!

Thank you for a very quick response. The changes overall look like a
strong improvement.

I must confess a slight aversion to the idea of using the current
working directory for variable data storage. Any program which does this
has the unpleasant tendency of leaving annoying data "nuggets" at random
locations in the system (where ever the user happened to have started
the game from).

In this particular case, I think it would be wiser to put variable data
into $out/var/games (presuming there is no technical reason this can be
done). The bsd-games configuration commentary states:

See SECURITY for a discussion of security issues related to score files.
There are at least two possible security policies if you want them to
work.  You can make the files world-writable, and then anyone who wants
can put anything in them, which may not be desirable if you think people
might cheat this way.  Or you can make the games that use them setgid
games, and give the files permissions 0664.  Note, however, that some
of the games may well be insecure when this is done and
malicious users may still be able to overwrite anything writable by
group games, since the games were probably not designed with security in
mind, although version 2.2 is more secure than earlier versions.
The default is neither of these: it creates scorefiles with
permissions 0644 and gives the games no special privileges, which is
more secure but means that the games will fail when trying to write
to their scorefiles.

In short, bsd-games were coded (unfortunately) with the /expectation/
that scorefiles will be written to a global location on the system. (The
idea being that multiple users could share a score file.) I think the
use of $out/var/games supports this historic expection, allowing for a
global score file, in the event of a global installation by root. (Root
would then have to personally chmod the score file to allow global
access, which is a reasonable expectation.) On the other hand, if the
installation is local one, by a non-root user, score files will be
conveniently sequestered to $HOME/.nix-profile/var/games.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 553 bytes
Desc: OpenPGP digital signature
Url : http://lists.science.uu.nl/pipermail/nix-dev/attachments/20130108/7e099bbe/attachment.bin 

More information about the nix-dev mailing list