Comments (17)
Darrt is added, is it good?
from nbsdgames.
Now there is 17 of them! Some small changes and there will be a new version.
from nbsdgames.
Nice! I wrote news post. ^__^ https://www.linux.org.ru/news/games/16276697
from nbsdgames.
Cool!
(Also you can keep laying new pipes after the time runs out, the time is for when the fluid will flow)
from nbsdgames.
Hi, thank you for mentioning it. I made a car game with nice ASCII art where you had to hit zombies and avoid humans. It needed such an input/output speed (in order to be challenging) that it would only be playable under Linux TTY, even xterm lagged. So I dropped the project half-way.
I tried making something like ksnakeduel for terminal, but having an AI that would be enough challenge within the gameplay which the speed, graphics and input limits of curses permitted proved to be hard. I tried some fancy algorithms for a while and then simply forgot about it.
I may try making other games in near future.
from nbsdgames.
I made a car game with nice ASCII art where you had to hit zombies and avoid humans.
Sound cool. It's pity that project is dropped.
I may try making other games in near future.
It's really good. I will wait new version of your awesome games collection. ASCII games are best games ever. ^__^
from nbsdgames.
It is fun to play. I like idea to mix well-known darts game and typing game.
P.S. Wow! Letter 'H' gave me million points. ^__^
from nbsdgames.
Yeah! I beat Rabbithole game. This was not easy.
from nbsdgames.
from nbsdgames.
@abakh, I want write news post on big russian linux forum (my other post about good ascii game - https://www.linux.org.ru/news/games/15907069). Please tell me when you will bump the version number. This is good reason will to write news post.
P.S.
About
A package of 15 text-based modern games
Pls fix it. 16 games. :-)
from nbsdgames.
I've made a FreeBSD port: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255346
It might take a few days to be accepted, but then you can do pkg install nbsdgames
to get the project (on the “latest” branch; “quarterly” will have to wait until July 2021).
Some changes were needed to get this right. Please consider changes like these for future versions:
- correct the usage of
CFLAGS
,LDFLAGS
, andLDLIBS
to be more conventional - remove the
chmod
calls (they are potential security problems and should be replaced with a correct user/group setup, e.g. usergames
and the binaries being setuidgames
) - allow the user to set up the scores directory without having to edit
config.h
(perhaps generateconfig.h
from the Makefile) - edit the Makefile so it doesn't require GNU make (might already be the case with the current version)
- add a man page for the project so there's at least a landing page for the project in the manual. This page can be hard-linked for all games, so only one is needed if yo don't feel like making one for each game.
from nbsdgames.
@clausecker Thanks!
- I made a LDFLAGS variable and moved linker flags to it
- What security problem? However they are no longer required as the games now fall back into making a file in home if they don't find or can't access the scorefile.
- It did support getting the scorefile address from environment. However config.h seems good enough.
- It no longer requires GNU make.
- Yes, something like that is needed.
I should probably make a Version 4.1. Enough changes have been made.
from nbsdgames.
Your makefile generates score files that are world-writable in a public directory. Suppose there is a bug parsing these score files. One user could overwrite these files with a crafted scores file and then wait for another user to run the game, potentially having him execute arbitrary code.
Also, there's the issue of every user being able to just edit the score files to add bogus scores. This is not fair.
The standard solution is to set the score files to be not world writable and give them to the user or group games
. Then, the game program is set up to be a setuid or setgid program so it runs under the games user or group, allowing it to access the score file. I have set things up this way in the FreeBSD port.
from nbsdgames.
@clausecker
Yes but we are assuming the evil user already has enough access to the system to edit a file to begin with all this. If it is a user with physical access (I've heard boot access is root access), or illegitimate software running on the system, doesn't it already have more than enough access? https://xkcd.com/1200/
Also couldn't every user in games group still change it?
Also if they are so committed to defense-in-depth they could now totally make no score files at all (make install also doesn't make them by default) and the games make one in home themselves.
But I also changed the chmods to chowns.
from nbsdgames.
Yes but we are assuming the evil user already has enough access to the system to edit a file to begin with all this. If it is a user with physical access (I've heard boot access is root access), or illegitimate software running on the system, doesn't it already have more than enough access? https://xkcd.com/1200/
Suppose a shell server of a university with your game installed. Each student has an account. With your scheme, one student could edit the score files to execute arbitrary code when another student executes the game. That is a security risk. And clearly that one student does not have any sort of elevated access. UNIX is a multi user system. It is designed to have multiple users run possibly untrusted programs at the same time. However, if one user can attack another user or hijack the system, that's a problem.
Also consider the perhaps a bit more accessible issue of users being able to falsify the score files with your approach. That's certainly something you don't want.
Also couldn't every user in games group still change it?
There are no users in the games
group usually (except perhaps a dedicated games
user). It exists specifically for this purpose: games with global score files are setgid games
so they and only they can edit their score files. Users on their own cannot, except by playing the game and beating the existing scores. This mechanism has existed for decades.
Also if they are so committed to defense-in-depth they could now totally make no score files at all (make install also doesn't make them by default) and the games make one in home themselves.
It's not really “defense-in-depth” but rather standard practice against mischievous users. No global score files at all are a possibility (though you might want to improve your code so it can pick up local score files from XDG paths in this case), but what's the fun if you can't even compete with other users on the system?
But I also changed the chmods to chowns.
That change doesn't really fix things. And indeed, it breaks the build in many scenarios as you now cannot build and install the program as a normal user.
from nbsdgames.
@clausecker Could you do that so I learn?
from nbsdgames.
(Also a general discussion thread is not helpful, I should close this)
from nbsdgames.
Related Issues (20)
- jewels: scoring the same number as the previous highest score is considered a new record HOT 2
- [Documentation] On which platforms do nbsdgames run? HOT 1
- Doesn't compile on tcc HOT 1
- Doesn't work with ttyrec. HOT 1
- Sudoku doesn't guarantee unique solution HOT 1
- Doesn't compile with --std=c99 HOT 10
- build error HOT 1
- Your project has been added to a list of copyfree works. HOT 1
- screenshots? HOT 1
- circlejump.c HOT 1
- How do package maintainers find out about new versions? HOT 6
- Compilation error from AUR HOT 4
- `make nb` creates `nbnbsdgames` HOT 1
- Cribbage HOT 1
- when will there be a tutorial HOT 1
- Scores get wiped when the partition is full or the computer is shutdown
- debian packaging HOT 4
- Setting up the donation for this project HOT 1
- Installation from Ubuntu Jammy official repo fails. HOT 1
- cpong?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nbsdgames.