[Bug 183089] Review Request: ularn - a text-based roguelike game
bugzilla at redhat.com
bugzilla at redhat.com
Thu Mar 16 15:36:29 UTC 2006
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Review Request: ularn - a text-based roguelike game
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=183089
------- Additional Comments From wart at kobold.org 2006-03-16 10:36 EST -------
(In reply to comment #4)
> Looking at the specfile some more comments:
> -the config.sh stuff is messy, very messy. But if it works it works.
Yes, it is messy. Unfortunately, the included Configure script is interactive
and thus, unsuitable for being run in a rpm spec file. sed + a pregenerated
configure output file seemed like the next best solution.
> -why games games as default group/owner. This should be root root
I thought I had fixed that to %defattr(-root,root,-) in the -2 package. See
comment #1.
> -why games games for the binary, this should be root games. This way if someone
> manages to get games uid rights he still can't modify (trojan) the binary
Good point. The scoreboard should also be made root.games.
> -why the fortune help and maps in /var/games can these be modified?
The fortune file contains messages for fountains. The help is displayed in-game
and may be used to provide specific messages to players when they run the game.
The maps file contains maps for the final volcano levels. While all of these
are modifiable, it is more likely that the help and fortunes file will change
and the maps will remain static. Unfortunately, the game searches for all 4
(including the scoreboard) of these files in the same directory. I could patch
the game to place maps in %{_datadir} and fortune and help in %{_sysconfdir},
but it seemed simplest to leave them all in /var/games/ularn.
If the package placed only one file in /var/games, then there wouldn't be a need
for the <gamename> subdir. But since there's 4 files, the subdir helps reduce
the clutter.
> -why 775 for the dir can't you precreate the highscore file and make it 664 and
> leave the directory as default (755). Or even better move maps help and fortunes
> to /use/share and put the highscore file directly /var/games (with a name
> indicating its owner package like ularn-highscores.bin)
>
> And judging from the ularn-build.patch will all the varg stuff
The vararg stuff is a nightmare. Many of these early roguelike games seemed to
feel that they had to rewrite sprintf, which introduced all of this mess.
I haven't tried using a precreated highscore file. That's a good idea and
should let us tighten up some of the file permissions, assuming it works. It
seems that the setgid trick isn't actually letting me write to the scoreboard
file, however. I'll have to dig around to see what's wrong with that.
> its a security
> nigthmare, it doesnot do any networking does it? Otherwise it will first need a
> full audit.
Networking? Oh my, no. ularn predates network-aware games. The only way you
can use it in a networked environment is with 'ssh -t hostname ularn'. :)
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
More information about the fedora-extras-list
mailing list