Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Review Request: ularn - a text-based roguelike game https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=183089 ------- Additional Comments From wart@xxxxxxxxxx 2006-03-16 10:36 EST ------- (In reply to comment #4) > Looking at the specfile some more comments: > -the config.sh stuff is messy, very messy. But if it works it works. Yes, it is messy. Unfortunately, the included Configure script is interactive and thus, unsuitable for being run in a rpm spec file. sed + a pregenerated configure output file seemed like the next best solution. > -why games games as default group/owner. This should be root root I thought I had fixed that to %defattr(-root,root,-) in the -2 package. See comment #1. > -why games games for the binary, this should be root games. This way if someone > manages to get games uid rights he still can't modify (trojan) the binary Good point. The scoreboard should also be made root.games. > -why the fortune help and maps in /var/games can these be modified? The fortune file contains messages for fountains. The help is displayed in-game and may be used to provide specific messages to players when they run the game. The maps file contains maps for the final volcano levels. While all of these are modifiable, it is more likely that the help and fortunes file will change and the maps will remain static. Unfortunately, the game searches for all 4 (including the scoreboard) of these files in the same directory. I could patch the game to place maps in %{_datadir} and fortune and help in %{_sysconfdir}, but it seemed simplest to leave them all in /var/games/ularn. If the package placed only one file in /var/games, then there wouldn't be a need for the <gamename> subdir. But since there's 4 files, the subdir helps reduce the clutter. > -why 775 for the dir can't you precreate the highscore file and make it 664 and > leave the directory as default (755). Or even better move maps help and fortunes > to /use/share and put the highscore file directly /var/games (with a name > indicating its owner package like ularn-highscores.bin) > > And judging from the ularn-build.patch will all the varg stuff The vararg stuff is a nightmare. Many of these early roguelike games seemed to feel that they had to rewrite sprintf, which introduced all of this mess. I haven't tried using a precreated highscore file. That's a good idea and should let us tighten up some of the file permissions, assuming it works. It seems that the setgid trick isn't actually letting me write to the scoreboard file, however. I'll have to dig around to see what's wrong with that. > its a security > nigthmare, it doesnot do any networking does it? Otherwise it will first need a > full audit. Networking? Oh my, no. ularn predates network-aware games. The only way you can use it in a networked environment is with 'ssh -t hostname ularn'. :) -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug, or are watching the QA contact. -- fedora-extras-list mailing list fedora-extras-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-extras-list
