Bug 708080 - games-puzzle/bastet - bastet: using a user-specific high scores file: /home/{user}/.bastetscores as the global high scores file /var/games/bastet.scores2 is not writable
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
: Normal normal
Assignee: Gentoo Games
URL:
Whiteboard:
Keywords: PATCH
Depends on:
Blocks:
 
Reported: 2020-02-03 19:36 UTC by Brandon Sakai
Modified: 2020-02-03 20:25 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments
Simple ebuild patch (bastet-0.43.2.ebuild.diff,580 bytes, patch)
2020-02-03 20:25 UTC, Brandon Sakai
Description Brandon Sakai 2020-02-03 19:36:19 UTC
games-puzzle/bastet's ebuild runs the following commands in its src_install()

        touch "${ED}/var/games/bastet.scores" || die "touch failed"
        fperms 664 /var/games/bastet.scores

When running bastet, the following error appears

        bastet: using a user-specific high scores file: /home/{user}/.bastetscores
        as the global high scores file /var/games/bastet.scores2 is not writable

This is because the ebuild creates /var/games/bastet.scores rather than /var/games/bastet.scores2. This is easily fixed by changing bastet.scores to bastet.scores2 in the ebuild.


Additionally, /var/games/bastet.scores has mode 

        -rw-rw-r-- 1 root root     1021 Feb  3 14:14 bastet.scores

so it isn't user writeable. This could be fixed by changing the fperms line to 666 rather than 664 so that bastet could write high scores to the world high score list. Alternatively, it could be 664 but with group gamestat so users in the gamestat group can write to it (see acct-group/gamestat).

The recommended setup is shown here https://github.com/fph/bastet/blob/5037e410fde6fafe8e6bc4cf17a12ad98e01c17e/INSTALL
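
The description above covers three layouts for the shared scores file: root:root with mode 664, mode 666, and mode 664 with group gamestat. The following is an added example, not part of the original report or the ebuild, that classifies a file against them. The helper name audit_scores is hypothetical and the script assumes GNU coreutils stat.

```shell
#!/bin/sh
# Added example (not from the bug report or the ebuild).
# audit_scores is a hypothetical helper; it assumes GNU coreutils stat(1).
# Usage: audit_scores FILE [GROUP]   (GROUP defaults to gamestat)
# Prints one verdict; returns 0 only when FILE is a regular file owned by
# GROUP, group-writable, and not world-writable.
audit_scores() {
    file=$1
    want_group=${2:-gamestat}

    # A symlink in a shared state directory is rejected outright.
    if [ -L "$file" ]; then echo "not-regular"; return 1; fi
    # The name mismatch from the report: the game opens a file nobody created.
    if [ ! -e "$file" ]; then echo "missing"; return 1; fi
    if [ ! -f "$file" ]; then echo "not-regular"; return 1; fi

    mode=$(stat -c '%a' "$file")     # octal digits, e.g. 664
    group=$(stat -c '%G' "$file")    # owning group name
    other_digit=$((mode % 10))
    group_digit=$(( (mode / 10) % 10 ))

    # Mode 666: every local account can rewrite or truncate the scores.
    if [ $((other_digit & 2)) -ne 0 ]; then
        echo "world-writable"; return 1
    fi
    # Mode 644 and similar: only the owner can write.
    if [ $((group_digit & 2)) -eq 0 ]; then
        echo "not-group-writable"; return 1
    fi
    # root:root 664: the group bit is set, but players are not in that group.
    if [ "$group" != "$want_group" ]; then
        echo "wrong-group:$group"; return 1
    fi
    echo "ok"
}

# Run directly as: sh audit_scores.sh /var/games/bastet.scores2
[ $# -eq 0 ] || audit_scores "$@"
```
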
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2020-02-03 20:06:44 UTC
(In reply to Brandon Sakai from comment #0)
> games-puzzle/bastet's ebuild runs the following commands in its src_install()
> 
>         touch "${ED}/var/games/bastet.scores" || die "touch failed"
>         fperms 664 /var/games/bastet.scores

It does that? Looks like a security bug.
Comment 2 Brandon Sakai 2020-02-03 20:25:11 UTC
Created attachment 611498
Simple ebuild patch

This is a quick patch I threw together using games-action/moon-buggy as a guide. I'm not sure what the security issue you see is so I'm not sure if this fixes it or if moon-buggy just also has it.