General discussion thread about nbsdgames HOT 17 CLOSED

Darrt is added, is it good?

from nbsdgames.

Now there is 17 of them! Some small changes and there will be a new version.

from nbsdgames.

Nice! I wrote news post. ^__^ https://www.linux.org.ru/news/games/16276697

from nbsdgames.

Cool!
(Also you can keep laying new pipes after the time runs out, the time is for when the fluid will flow)

from nbsdgames.

Hi, thank you for mentioning it. I made a car game with nice ASCII art where you had to hit zombies and avoid humans. It needed such an input/output speed (in order to be challenging) that it would only be playable under Linux TTY, even xterm lagged. So I dropped the project half-way.

I tried making something like ksnakeduel for terminal, but having an AI that would be enough challenge within the gameplay which the speed, graphics and input limits of curses permitted proved to be hard. I tried some fancy algorithms for a while and then simply forgot about it.

I may try making other games in near future.

from nbsdgames.

I made a car game with nice ASCII art where you had to hit zombies and avoid humans.

Sound cool. It's pity that project is dropped.

I may try making other games in near future.

It's really good. I will wait new version of your awesome games collection. ASCII games are best games ever. ^__^

from nbsdgames.

It is fun to play. I like idea to mix well-known darts game and typing game.

P.S. Wow! Letter 'H' gave me million points. ^__^

https://imgur.com/a/FCEcFFB

from nbsdgames.

Yeah! I beat Rabbithole game. This was not easy.

https://imgur.com/a/k81ICVQ

from nbsdgames.

from nbsdgames.

@abakh, I want write news post on big russian linux forum (my other post about good ascii game - https://www.linux.org.ru/news/games/15907069). Please tell me when you will bump the version number. This is good reason will to write news post.

P.S.

About

A package of 15 text-based modern games

Pls fix it. 16 games. :-)

from nbsdgames.

I've made a FreeBSD port: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255346

It might take a few days to be accepted, but then you can do pkg install nbsdgames to get the project (on the “latest” branch; “quarterly” will have to wait until July 2021).

Some changes were needed to get this right. Please consider changes like these for future versions:

• correct the usage of CFLAGS, LDFLAGS, and LDLIBS to be more conventional
• remove the chmod calls (they are potential security problems and should be replaced with a correct user/group setup, e.g. user games and the binaries being setuid games)
• allow the user to set up the scores directory without having to edit config.h (perhaps generate config.h from the Makefile)
• edit the Makefile so it doesn't require GNU make (might already be the case with the current version)
• add a man page for the project so there's at least a landing page for the project in the manual. This page can be hard-linked for all games, so only one is needed if yo don't feel like making one for each game.

from nbsdgames.

@clausecker Thanks!

• I made a LDFLAGS variable and moved linker flags to it
• What security problem? However they are no longer required as the games now fall back into making a file in home if they don't find or can't access the scorefile.
• It did support getting the scorefile address from environment. However config.h seems good enough.
• It no longer requires GNU make.
• Yes, something like that is needed.

I should probably make a Version 4.1. Enough changes have been made.

from nbsdgames.

Your makefile generates score files that are world-writable in a public directory. Suppose there is a bug parsing these score files. One user could overwrite these files with a crafted scores file and then wait for another user to run the game, potentially having him execute arbitrary code.

Also, there's the issue of every user being able to just edit the score files to add bogus scores. This is not fair.

The standard solution is to set the score files to be not world writable and give them to the user or group games. Then, the game program is set up to be a setuid or setgid program so it runs under the games user or group, allowing it to access the score file. I have set things up this way in the FreeBSD port.

from nbsdgames.

@clausecker
Yes but we are assuming the evil user already has enough access to the system to edit a file to begin with all this. If it is a user with physical access (I've heard boot access is root access), or illegitimate software running on the system, doesn't it already have more than enough access? https://xkcd.com/1200/

Also couldn't every user in games group still change it?

Also if they are so committed to defense-in-depth they could now totally make no score files at all (make install also doesn't make them by default) and the games make one in home themselves.

But I also changed the chmods to chowns.

from nbsdgames.

Yes but we are assuming the evil user already has enough access to the system to edit a file to begin with all this. If it is a user with physical access (I've heard boot access is root access), or illegitimate software running on the system, doesn't it already have more than enough access? https://xkcd.com/1200/

Suppose a shell server of a university with your game installed. Each student has an account. With your scheme, one student could edit the score files to execute arbitrary code when another student executes the game. That is a security risk. And clearly that one student does not have any sort of elevated access. UNIX is a multi user system. It is designed to have multiple users run possibly untrusted programs at the same time. However, if one user can attack another user or hijack the system, that's a problem.

Also consider the perhaps a bit more accessible issue of users being able to falsify the score files with your approach. That's certainly something you don't want.

Also couldn't every user in games group still change it?

There are no users in the games group usually (except perhaps a dedicated games user). It exists specifically for this purpose: games with global score files are setgid games so they and only they can edit their score files. Users on their own cannot, except by playing the game and beating the existing scores. This mechanism has existed for decades.

Also if they are so committed to defense-in-depth they could now totally make no score files at all (make install also doesn't make them by default) and the games make one in home themselves.

It's not really “defense-in-depth” but rather standard practice against mischievous users. No global score files at all are a possibility (though you might want to improve your code so it can pick up local score files from XDG paths in this case), but what's the fun if you can't even compete with other users on the system?

But I also changed the chmods to chowns.

That change doesn't really fix things. And indeed, it breaks the build in many scenarios as you now cannot build and install the program as a normal user.

from nbsdgames.

@clausecker Could you do that so I learn?

from nbsdgames.

(Also a general discussion thread is not helpful, I should close this)

from nbsdgames.