GNOME Bugzilla – Bug 749682
Allow saving scores in /var/games
Last modified: 2018-05-22 12:27:20 UTC
Enough users have complained about scores moving to the home directory that it would be good to provide an option to revert to storing scores in /var/games. The option is only of interest to system administrators so no need to expose it in the UI; it can be a single gsetting shared between all games. This means we have to go back to using setgid on the games binaries. I frankly don't see the problem with that -- if you have a games group with access to sensitive data, you really need to rethink that.
I think the problem with setgid games is that its an archaic way of implementing a shared scoreboard with all the inherent issues with set_id binaries. A system DBUS interface and underlying implementation sounds much more modern. Not that I'll do any of it...;)
(In reply to Yanko Kaneti from comment #1) > I think the problem with setgid games is that its an archaic way of > implementing a shared scoreboard with all the inherent issues with set_id > binaries. Can you elaborate on these issues? I'm not too concerned about a privilege escalation to the games group: the worst that could happen is the attacker can change scores. Unless the admin gives strange permissions to the games group. > A system DBUS interface and underlying implementation sounds much more > modern. Can the D-Bus interface be restricted to work only for approved games? Or do we just accept that unprivileged users can write scores without an exploit?
Privilege escalation is the one I am thinking of. And I am not saying its that big of a deal, its just an ugly one.
(In reply to Michael Catanzaro from comment #2) > > A system DBUS interface and underlying implementation sounds much more > > modern. > > Can the D-Bus interface be restricted to work only for approved games? Or do > we just accept that unprivileged users can write scores without an exploit? Haven't thought much about it but basically I am thinking along the lines - trying to combat cheating about one's own scores on a shared scoreboard is pointless - should be able to add scores but not change the ones already added - should be able to delete part or all of their own scores - should be able to filter the presented scoretables with: - just own scores - exclude scores from certain users Or something like that...
(In reply to Yanko Kaneti from comment #4) > Haven't thought much about it but basically I am thinking along the lines > - trying to combat cheating about one's own scores on a shared scoreboard is > pointless That's the problem solved by the setgid binary: only the games installed by the system administrator have permission to write to the scores file, so if you want to cheat by adding a bogus score, you'd need to write an exploit against GNOME Mines (or whatever other games are installed).
Given the attack surface of games I don't think it will be a matter of having to write an exploit yourself for most people who want to cheat. Just perusing whatever the internet provides for any games that might be in fedora, is setgid and has a hole.
So when you say solved, I see a futile attempt to curb cheating.
-- GitLab Migration Automatic Message -- This bug has been migrated to GNOME's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/libgnome-games-support/issues/3.