Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Gentoo games group leads to security hole - big surprise(!)
View unanswered posts
View posts from last 24 hours

Goto page Previous  1, 2  
Reply to topic    Gentoo Forums Forum Index Gentoo Chat
View previous topic :: View next topic  
Author Message
dashkal
n00b
n00b


Joined: 12 Apr 2006
Posts: 2

PostPosted: Wed Apr 12, 2006 11:13 pm    Post subject: Reply with quote

I do rather hope gentoo comes into line with the "standard" use of the games group.
My policy has been simply to roll my own games into /usr/local rather than deal with the oddities of having to actually be in the "games" group.

So yeah, I'm a regular user who disagrees with the games team's stance on restricting games to the games group.

Rather pointless anyway considering any user can compile/install their own games to ${HOME} anyway...
Back to top
View user's profile Send private message
mrsteven
Veteran
Veteran


Joined: 04 Jul 2003
Posts: 1895

PostPosted: Thu Apr 13, 2006 9:40 am    Post subject: Reply with quote

dashkal wrote:
Rather pointless anyway considering any user can compile/install their own games to ${HOME} anyway...

...which you can avoid by mounting /home /tmp /var/tmp with the noexec option.
_________________
Unix philosophy: "Do one thing and do it well."
systemd: "Do everything and do it wrong."
Back to top
View user's profile Send private message
Naib
Advocate
Advocate


Joined: 21 May 2004
Posts: 4158
Location: Removed by Neddy

PostPosted: Thu Apr 13, 2006 11:25 am    Post subject: Reply with quote

new_to_non_X86 wrote:
PaulBredbury wrote:
the bug is obviously in the nethack code

wolf31o2 wrote:
This *is* 100% a bug in nethack


nethack code or not the way gentoo handle games must be fixed
but we can temporaly patch nethack.while working on resloving this issue


By "we" you mean Gentoo:Devs.

This is purely a problem with NetHack that comes visible via Gentoo's use of "games" group. Is the blame Gentoo's? NO is the blame NetHack? YES

No other game that requires a use to be part of "games" group does this so how can it be Gentoo's fault?

I quite like the principle of the Games group make's sense only ppl in the games group can play
_________________
A free press is the unsleeping guardian of every other right that free men prize; it is the most dangerous foe of tyranny. Where men have the habit of liberty, the Press will continue to be the vigilant guardian of the rights of the ordinary citizen.
Back to top
View user's profile Send private message
mrsteven
Veteran
Veteran


Joined: 04 Jul 2003
Posts: 1895

PostPosted: Thu Apr 13, 2006 11:42 am    Post subject: Reply with quote

Indeed it's really simple: If Gentoo handled the permissons for games and game data correctly, there would be no problem. If I followed your argumentation, I'd have to say that all *nix-like OSes are crap, because if you set wrong permissions for example on /dev/hda, bad things can happen.

It is possible to restrict access to the installed games anyway, as it is discussed in the bug report.
_________________
Unix philosophy: "Do one thing and do it well."
systemd: "Do everything and do it wrong."
Back to top
View user's profile Send private message
dashkal
n00b
n00b


Joined: 12 Apr 2006
Posts: 2

PostPosted: Fri Apr 14, 2006 7:30 pm    Post subject: Reply with quote

mrsteven wrote:
dashkal wrote:
Rather pointless anyway considering any user can compile/install their own games to ${HOME} anyway...

...which you can avoid by mounting /home /tmp /var/tmp with the noexec option.


True, but that requires extra work anyway. Without resorting to drastic measures like that, the restricted games policy doesn't actually stop anything.
Back to top
View user's profile Send private message
CMthoma
n00b
n00b


Joined: 19 Apr 2006
Posts: 1

PostPosted: Wed Apr 19, 2006 7:00 am    Post subject: Reply with quote

I just noticed that nethack was masked today, came across this thread; sorry for the bump. And sorry if someone has mentioned this elsewhere, it seems brutually obvious, but I just haven't seen it.

Attaining the secure, standard behavior is not an involved process in the least; for me, it was as easy as 3 chmods and a /etc/group edit. You just have to make /usr/games and /usr/games/* world readable and executable, and /usr/games/bin/* world readable, executable, and setgid (that's a 2 in the first octal.) Remove your users from the games group and it works automatically; I played a game of bastet and it read and wrote the high score file no problem.

I've seen it proposed elsewhere that there should be a games-update (akin to etc-update and opengl-update) tool, run following game emerges, in the interim while the nearly 800 packages in games-*/ are fixed, this would be a good solution, I think. All the script needs to do is refresh the perms as I stated above, very simply like so:

Code:

#!/bin/sh

chmod 0755 /usr/games
chmod 0755 /usr/games/*
chmod 2751 /usr/games/bin/*


Naturally, this doesn't cover all games, such as those installed to /opt (All those Id games, for instance.) The script would have to be extended for those cases, or the user would otherwise be advised to do it manually. Of course, this interim standards-compliance hack is completely optional, and would probably only be done by those obsessed with security; the average user that didn't notice the GLSA would go on living their life as normal until they emerge after whatever change in policy occurs (if one occurs at all.)

On another note, I think all the people putting the blame fully on the upstream devs are kind of reaffirming some of the bad stereotypes that users of older, more conventional distros have of us, that we're some kind of fanatical Linux-cult that likes to break things and blame upstream when things go wrong. Obviously Nethack shouldn't have this buffer overflow vulnerability, and its probably a good thing that it got exposed; but how can anyone so vehemently defend the ability for regular users to edit highscore files as has been the Gentoo way since the beginning? Not that I'm attacking anyone, I just don't see the logic in it. I've always personally seen the Gentoo games group as an inappropriate enforcement of policy, anyway, where most everywhere else in Gentoo seems to be more oriented on mechanism.
Back to top
View user's profile Send private message
Arek75
n00b
n00b


Joined: 11 Nov 2004
Posts: 25

PostPosted: Wed Apr 19, 2006 4:14 pm    Post subject: Reply with quote

Just out of curiosity...Is there a good reason (for the average linux user) that gentoo restricts running games to the members of the games group? I can see such a restriction in a corporate-style envoronment where there's a policy stating "no games on the job", but is that where the majority of Gentoo linux machines end up?

Perhaps, as at least a temporary solution, have games be group-executable for the 'users' group, rather than the 'games' group by default (with USE="gamesgrouprestriction" to revert the behavior). Keeping it restricted to users (imo) is a good idea, since it would keep anonymous users from accessing them.

Additionally, how about adding a 'saves' group for savegames, highscores, nd the like (no group members, tho)? This would help keep problems like this one in NetHack from cropping up again.

--Arek

P.S. None of this excuses NetHack for having faulty code. This is a recommendation for simplifying gentoo's games handling from the users' prospective.
Back to top
View user's profile Send private message
mrsteven
Veteran
Veteran


Joined: 04 Jul 2003
Posts: 1895

PostPosted: Fri May 19, 2006 10:46 am    Post subject: Reply with quote

Is there anything going on about that? There has been no activity on b.g.o about that since last month... Anybody working on this?
_________________
Unix philosophy: "Do one thing and do it well."
systemd: "Do everything and do it wrong."
Back to top
View user's profile Send private message
srm
n00b
n00b


Joined: 14 Dec 2005
Posts: 71
Location: in da Heide. this globe

PostPosted: Sun Mar 18, 2007 8:26 pm    Post subject: Reply with quote

regarding bugs.gentoo (http://bugs.gentoo.org/show_bug.cgi?id=125902)
there is discussion about creating a new user/group for every game you will install.
at the first look, i think i would dislike somth. like that, for i feel like this would be kinda messy...on the other hand, mysql also needed new user(s) and i don't think i will pull in all games and therefor hav 20.000 harcore members on my box :D
so, let's see how this goes...nethack still hardmasked...*waiting for the summertime*

bye
_________________
I'm no longer angry,for having to truncate my sig because it got to long with the following reminder:
Please check unanswered posts
co chaoid sounds
Back to top
View user's profile Send private message
Archangel1
Veteran
Veteran


Joined: 21 Apr 2004
Posts: 1212
Location: Work

PostPosted: Mon Mar 19, 2007 3:59 am    Post subject: Reply with quote

Does anyone else think Nethack's approach is a bit weird? Writing savegames to somewhere other than ~ seems a bit twisted...
What's it meant to accomplish anyway? I know that I'm not meant to be able to restore a game if I die, but if I want to take an image of the game's data and copy it back later, I can - heck, if I really wanted to cheat, being required to su isn't going to stop me.
_________________
What are you, stupid?
Back to top
View user's profile Send private message
dleverton
Guru
Guru


Joined: 28 Aug 2006
Posts: 517

PostPosted: Mon Mar 19, 2007 12:23 pm    Post subject: Reply with quote

Archangel1 wrote:
heck, if I really wanted to cheat, being required to su isn't going to stop me.

It is if you're on a multiuser system where you don't have su access. In that case it's important that you don't cheat, because your games interact with other people's via the bones files and high-score table.
Back to top
View user's profile Send private message
mikegpitt
Advocate
Advocate


Joined: 22 May 2004
Posts: 3200

PostPosted: Tue Mar 20, 2007 3:40 pm    Post subject: Reply with quote

srm wrote:
regarding bugs.gentoo (http://bugs.gentoo.org/show_bug.cgi?id=125902)
there is discussion about creating a new user/group for every game you will install.
at the first look, i think i would dislike somth. like that, for i feel like this would be kinda messy...on the other hand, mysql also needed new user(s) and i don't think i will pull in all games and therefor hav 20.000 harcore members on my box :D
so, let's see how this goes...nethack still hardmasked...*waiting for the summertime*

bye
This seems like a messy solution. I know the system can handle lots of users, but for a home desktop this doesn't appeal to me. I've been using gentoo for too long to remember how other distros handle games, but I'm betting they do something cleaner than creating lots of users.
Back to top
View user's profile Send private message
Dralnu
Veteran
Veteran


Joined: 24 May 2006
Posts: 1919

PostPosted: Tue Mar 20, 2007 4:07 pm    Post subject: Reply with quote

my .02C

move games from /usr/games to /opt/games. A symlink to start would make for a quick fix - drop it in a few months, and fix the handling in the mean time.

Make a group for each game (for an example, nethackexec), with a single group to give you access to EVERY game so that the admin has a normal user without a long list of games.

wherever game data is saved, change the directory's permissions to that of the game itself, and no one else (in this case, nethack:nethack).

It would be alot of work, and while we all know the devs have their own motives, this needs to be fixed CORRECTLY instead of another hack-fix on the system.

This problem may be with a bug in Nethack, but this is a bug that has exposed another problem with our non-FHS compliant system layout and setup.
_________________
The day Microsoft makes a product that doesn't suck, is the day they make a vacuum cleaner.
Back to top
View user's profile Send private message
mikegpitt
Advocate
Advocate


Joined: 22 May 2004
Posts: 3200

PostPosted: Tue Mar 20, 2007 11:20 pm    Post subject: Reply with quote

Ya know... this is something where use flags come in very handy. It would be nice to see a "global-stats" useflag that when enabled allowed scored to be shared. This way, if there was a messy solution liek adding users and groups, at least it can be controled.

Although it is better to fix the problem...
Back to top
View user's profile Send private message
Archangel1
Veteran
Veteran


Joined: 21 Apr 2004
Posts: 1212
Location: Work

PostPosted: Tue Mar 20, 2007 11:20 pm    Post subject: Reply with quote

dleverton wrote:
Archangel1 wrote:
heck, if I really wanted to cheat, being required to su isn't going to stop me.

It is if you're on a multiuser system where you don't have su access. In that case it's important that you don't cheat, because your games interact with other people's via the bones files and high-score table.

Yeah that's obviously true - my point was just that if it doesn't work in all cases (and I bet most of the people playing NetHack are doing it on a machine they have the ability to su on), then what's the point in worrying? They're trying to use system permissions to enforce an inability to "cheat", but that only actually works for some of their users, not all.
_________________
What are you, stupid?
Back to top
View user's profile Send private message
dleverton
Guru
Guru


Joined: 28 Aug 2006
Posts: 517

PostPosted: Wed Mar 21, 2007 12:23 am    Post subject: Reply with quote

Archangel1 wrote:
Yeah that's obviously true - my point was just that if it doesn't work in all cases (and I bet most of the people playing NetHack are doing it on a machine they have the ability to su on), then what's the point in worrying? They're trying to use system permissions to enforce an inability to "cheat", but that only actually works for some of their users, not all.

That's not the point. No-one cares if you cheat on your own private system - "you're only cheating yourself" and all that - and since you have the source there are innumerable ways you can cheat anyway. The restriction is to stop you from cheating in ways that will affect other people. You can still compile your own hacked version in your home directory, but then that copy can't (or shouldn't be able to, with the "standard" permissions) modify the system-wide files. (It still doesn't protect users from a mischievous admin, but if you don't trust your admin you're screwed anyway.)
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Gentoo Chat All times are GMT
Goto page Previous  1, 2
Page 2 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum