Nethack 3.4.3 [PSARC/2008/172 FastTrack timeout 03/11/2008]
Danek Duvall
danek.duvall at sun.com
Tue Mar 4 13:46:42 PST 2008
I'm sponsoring this case for myself. It should qualify for patch binding,
though I currently have no intent on delivering in a patch.
The proposal is in the case directory as proposal.txt; the man page is in
materials/nethack.6.
======================================================================
1. Summary
Nethack[1] is a terminal-based game, based on rogue, in which your
character descends through a dungeon to fight monsters, gain experience,
and eventually capture the Amulet of Yendor and sacrifice it on the altar
of your god in the Astral Plane.
2. Issues
2.1 Setgid "games"
The only inherently interesting issue is that nethack games leave files
behind that are intended to be shared by multiple players. This
includes a shared scoreboard, a logfile, a saved-games directory, and
"bones" files (remains of characters who have died). These are best
shared so that one can compare one's score with others and dig through
their bones piles. If these files are put in a directory open to being
written by the world, it only really affects nethack, but it means it's
easy for players to cheat -- by restoring saved games, manipulating
bones files, and so on -- and even to annoy other players.
Thus I'm proposing the addition of a unix group dedicated to games,
that the shared directory be owned by group "games", and that nethack
be installed setgid "games". This allows users to be unable to
manipulate these files except through nethack itself. Any exploits
that might be possible through this minimal "privilege elevation" would
be limited only to the contents of /var/games, which is ultimately of
limited value to the system.
2.2 Historical UNIX gaming
I'm proposing to re-introduce section 6 of the manual -- thus
nethack(6). However, I'm not proposing to re-introduce /usr/games, as
that violates serendipitous discovery, and doesn't seem to add any
value to the system.
3. Interfaces
/usr/bin/nethack      Uncommitted       Executable location, CLI
/usr/lib/nethack      Project Private   Game data directory
/var/games            Committed         Writeable area for games
/var/games/nethack    Uncommitted       Writeable area for nethack
games                 Committed         group name
4. References
[1] http://www.nethack.org/
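
An added example, not part of the original message or of the nethack packaging: one way to audit an installed layout against the design in section 2.1 (executable setgid "games", shared area owned by group "games" and not writable by the world). The function names and the specific checks are assumptions made for illustration; the paths and group name in the comments are the ones listed in section 3.

```python
import os
import stat

def binary_findings(mode, gid, games_gid):
    """Check the mode and group of the setgid executable."""
    out = []
    if not mode & stat.S_ISGID:
        out.append("setgid bit not set")
    if mode & stat.S_ISUID:
        out.append("setuid bit set; the design calls for setgid only")
    if gid != games_gid:
        out.append("group is not the games group")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        out.append("writable by group or others")
    return out

def shared_findings(mode, gid, games_gid):
    """Check one entry under the shared writable area."""
    if stat.S_ISLNK(mode):
        return ["symbolic link in shared area"]
    out = []
    if mode & stat.S_IWOTH:
        out.append("world-writable")
    if gid != games_gid:
        out.append("group is not the games group")
    # Assumption: the game creates files here, so directories need group write.
    if stat.S_ISDIR(mode) and not mode & stat.S_IWGRP:
        out.append("directory not writable by the games group")
    return out

def audit(binary, shared_dir, games_gid):
    """Return (path, finding) pairs; an empty list means the layout matches."""
    st = os.stat(binary)
    results = [(binary, f) for f in binary_findings(st.st_mode, st.st_gid, games_gid)]
    paths = [shared_dir]
    for root, dirs, files in os.walk(shared_dir):
        paths += [os.path.join(root, n) for n in dirs + files]
    for path in paths:
        st = os.lstat(path)  # lstat so that symlinks are reported, not followed
        results += [(path, f) for f in shared_findings(st.st_mode, st.st_gid, games_gid)]
    return results

if __name__ == "__main__":
    import grp
    # Paths and group name as listed in section 3 of the proposal.
    gid = grp.getgrnam("games").gr_gid
    for path, finding in audit("/usr/bin/nethack", "/var/games/nethack", gid):
        print(f"{path}: {finding}")
```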