GNU bug report logs -
#25895
Remove update-game-score
Previous Next
Reported by: Glenn Morris <rgm <at> gnu.org>
Date: Tue, 28 Feb 2017 06:55:01 UTC
Severity: wishlist
Tags: patch
Found in version 25.2
Done: Paul Eggert <eggert <at> cs.ucla.edu>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 25895 in the body.
You can then email your comments to 25895 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#25895; Package
emacs.
(Tue, 28 Feb 2017 06:55:01 GMT)
Full text and
rfc822 format available.
Message #3 received at submit <at> debbugs.gnu.org (full text, mbox):
Package: emacs
Severity: wishlist
Version: 25.2
I'd like to suggest removing the update-game-score executable and the
associated machinery (Makefile rules, related gamegrid.el complexity).
update-game-score is a standalone executable whose job is to write a
system-wide score file for snake and tetris. For this purpose, it needs
to be installed setgid (or setuid) to the games group (or user), and the
central score files need to be pre-created with the relevant ownership
(see lib-src/Makefile).
In practice, I think this facility is very little used, and so should be
removed so that there are fewer things that need to be maintained.
Non-root users compiling and installing their own Emacs normally cannot
set the required permissions on the binary, or write to a central shared
score directory.
Distributions don't like having setuid/setgid binaries in their binary
packages because of the potential security implications, so tend to
strip them out. For example, in both the Red Hat rpm and Debian dpkg
packages for Emacs, update-game-score is not installed setgid or setuid.
So it doesn't do anything useful for these two major distributions and
their derivatives.
Ref eg
https://koji.fedoraproject.org/koji/fileinfo?rpmID=8691568&filename=/usr/libexec/emacs/25.1/x86_64-redhat-linux-gnu/update-game-score
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#25895; Package
emacs.
(Thu, 09 Mar 2017 08:51:02 GMT)
Full text and
rfc822 format available.
Message #6 received at 25895 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Thanks, good suggestion. Proposed patch attached. I'll CC: this to Ulrich Müller
to see whether he has thoughts on this that are relevant to Gentoo, since he
sent in a Gentoo-related bug report about setgid a couple of years ago. Ulrich,
the new bug report is here:
https://bugs.gnu.org/25895
[0001-Remove-update-game-score.patch (text/x-diff, attachment)]
Added tag(s) patch.
Request was from
Paul Eggert <eggert <at> cs.ucla.edu>
to
control <at> debbugs.gnu.org.
(Thu, 09 Mar 2017 15:50:02 GMT)
Full text and
rfc822 format available.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#25895; Package
emacs.
(Thu, 09 Mar 2017 22:58:02 GMT)
Full text and
rfc822 format available.
Message #11 received at 25895 <at> debbugs.gnu.org (full text, mbox):
Thanks for the (as always) extremely thorough patch.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#25895; Package
emacs.
(Fri, 10 Mar 2017 06:44:02 GMT)
Full text and
rfc822 format available.
Message #14 received at 25895 <at> debbugs.gnu.org (full text, mbox):
>>>>> On Thu, 9 Mar 2017, Paul Eggert wrote:
> Thanks, good suggestion. Proposed patch attached. I'll CC: this to
> Ulrich Müller to see whether he has thoughts on this that are
> relevant to Gentoo, since he sent in a Gentoo-related bug report
> about setgid a couple of years ago. Ulrich, the new bug report is
> here:
> https://bugs.gnu.org/25895
I am not happy about this. Gentoo installs update-game-score as a
setgid binary and it is working well. I agree that setuid binaries are
generally frowned upon, but that is much less the case for setgid.
In fact, installing such binaries setgid and beloging to a "games" or
similar group is valid policy in both Debian and Gentoo:
https://www.debian.org/doc/debian-policy/ch-customized-programs.html#s11.11
https://wiki.gentoo.org/wiki/Project:Quality_Assurance/Policies#Games
$ ls -l /usr/libexec/emacs/25.2/x86_64-pc-linux-gnu/
total 88
-rwxr-xr-x 1 root root 10344 Mar 2 09:35 hexl
-rwxr-xr-x 1 root root 27104 Mar 2 09:35 movemail
-rwxr-xr-x 1 root root 6184 Mar 2 09:35 profile
-rwxr-xr-x 1 root root 21154 Mar 2 09:35 rcs2log
-rwxr-s--x 1 root gamestat 14656 Mar 2 09:35 update-game-score
Also I don't buy the argument that these files were a maintenance
burden. Browsing the git history of lib-src/update-game-score.c and
lisp/play/gamegrid.el, I see that the last nontrivial change to them
was a patch that I submitted myself more than two years ago.
I think you need better reasons for removal of working functionality.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#25895; Package
emacs.
(Fri, 10 Mar 2017 08:17:02 GMT)
Full text and
rfc822 format available.
Message #17 received at 25895 <at> debbugs.gnu.org (full text, mbox):
Ulrich Mueller wrote:
> I don't buy the argument that these files were a maintenance
> burden.
It's not simply my own burden (which is not always reflected by commit log
entries, and where even the "trivial" changes are more work for me). It's all
the people who have to review this code for all the distributions. Even making
something setgid is a big deal. Obviously the Debian and Fedora people don't
want to bother.
If people were really using this program to support multiuser games, it'd be
worth the trouble. But I don't have the sense that the feature is actually used.
That being said, the simplest thing is to do nothing.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#25895; Package
emacs.
(Fri, 10 Mar 2017 22:41:02 GMT)
Full text and
rfc822 format available.
Message #20 received at 25895 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On second thought, how about if we install update-game-score only when
the builder specifies the game user or group. This will let Gentoo roll
along much as before, while simplifying installation for distributions
that don't support or bother to configure a game user or group. Although
this doesn't simplify the Emacs source as much as the previously
proposed patch, it's still better than what we have now. Proposed patch
attached.
[0001-Install-update-game-score-only-on-request.patch (application/x-patch, attachment)]
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#25895; Package
emacs.
(Sat, 11 Mar 2017 06:33:02 GMT)
Full text and
rfc822 format available.
Message #23 received at 25895 <at> debbugs.gnu.org (full text, mbox):
> From: Paul Eggert <eggert <at> cs.ucla.edu>
> Date: Fri, 10 Mar 2017 14:40:39 -0800
> Cc: 25895 <at> debbugs.gnu.org
>
> On second thought, how about if we install update-game-score only when
> the builder specifies the game user or group. This will let Gentoo roll
> along much as before, while simplifying installation for distributions
> that don't support or bother to configure a game user or group. Although
> this doesn't simplify the Emacs source as much as the previously
> proposed patch, it's still better than what we have now. Proposed patch
> attached.
Thanks.
Please add comments to the affected Makefile.in files to explain the
conditions related to user/group.
I also don't understand why you unconditionally removed this program
from the Windows builds and installations: the problem with setgid
doesn't exist on Windows, so nothing should prevent Windows
installations from having this program, right?
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#25895; Package
emacs.
(Sat, 11 Mar 2017 08:31:01 GMT)
Full text and
rfc822 format available.
Message #26 received at 25895 <at> debbugs.gnu.org (full text, mbox):
>>>>> On Fri, 10 Mar 2017, Paul Eggert wrote:
> On second thought, how about if we install update-game-score only
> when the builder specifies the game user or group. This will let
> Gentoo roll along much as before, while simplifying installation for
> distributions that don't support or bother to configure a game user
> or group. Although this doesn't simplify the Emacs source as much as
> the previously proposed patch, it's still better than what we have
> now.
I like this idea much better than the first one.
> Proposed patch attached.
Tested and it doesn't work. With the --with-gameuser=":gamestat"
configure option, it properly installs the update-game-score binary.
In spite of this, Emacs doesn't use the shared directory, but creates
a score file in the user's home directory instead.
The reason is that gameuser and gamegroup are not propagated to the
top-level Makefile:
--- emacs/Makefile.in~
+++ emacs/Makefile.in
@@ -268,6 +268,8 @@
# Where to install Emacs game score files.
gamedir=@gamedir@
+gameuser=@gameuser@
+gamegroup=@gamegroup@
# ==================== Utility Programs for the Build ====================
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#25895; Package
emacs.
(Sun, 12 Mar 2017 08:46:02 GMT)
Full text and
rfc822 format available.
Message #29 received at 25895 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Eli Zaretskii wrote:
> Please add comments to the affected Makefile.in files to explain the
> conditions related to user/group.
Done in the attached revised patch, which also fixes the bug Ulrich Müller noted.
> I also don't understand why you unconditionally removed this program
> from the Windows builds and installations: the problem with setgid
> doesn't exist on Windows, so nothing should prevent Windows
> installations from having this program, right?
It's more the other way round. On platforms without setuid/setgid, Emacs can use
its already-existing code to update the score file itself. The auxiliary program
is needed only on platforms that have setuid/setgid, to avoid the security
problems that would ensue if we made Emacs itself setuid/setgid.
[0001-Install-update-game-score-only-on-request.patch (text/x-diff, attachment)]
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#25895; Package
emacs.
(Sun, 12 Mar 2017 13:55:02 GMT)
Full text and
rfc822 format available.
Message #32 received at 25895 <at> debbugs.gnu.org (full text, mbox):
>>>>> On Sun, 12 Mar 2017, Paul Eggert wrote:
> Done in the attached revised patch, which also fixes the bug
> Ulrich Müller noted.
Ack.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#25895; Package
emacs.
(Sun, 12 Mar 2017 15:16:02 GMT)
Full text and
rfc822 format available.
Message #35 received at 25895 <at> debbugs.gnu.org (full text, mbox):
> Cc: ulm <at> gentoo.org, 25895 <at> debbugs.gnu.org
> From: Paul Eggert <eggert <at> cs.ucla.edu>
> Date: Sun, 12 Mar 2017 00:45:13 -0800
>
> Eli Zaretskii wrote:
>
> > Please add comments to the affected Makefile.in files to explain the
> > conditions related to user/group.
>
> Done in the attached revised patch, which also fixes the bug Ulrich Müller noted.
Thanks, but I expected to see there the explanation of why we
sometimes expect user/group to be empty and sometimes not. IOW, I'd
like to have in the affected Makefile a comment which summarized the
rationale in the commit message, something akin to this:
> Most distributions do not install update-game-score properly
> due to setuid/setgid complications, so install it only when
> the installer specifies a user or group (Bug#25895).
> > I also don't understand why you unconditionally removed this program
> > from the Windows builds and installations: the problem with setgid
> > doesn't exist on Windows, so nothing should prevent Windows
> > installations from having this program, right?
>
> It's more the other way round. On platforms without setuid/setgid, Emacs can use
> its already-existing code to update the score file itself. The auxiliary program
> is needed only on platforms that have setuid/setgid, to avoid the security
> problems that would ensue if we made Emacs itself setuid/setgid.
Ah, yes. Thanks for clarifying this.
Reply sent
to
Paul Eggert <eggert <at> cs.ucla.edu>:
You have taken responsibility.
(Sun, 12 Mar 2017 19:07:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Glenn Morris <rgm <at> gnu.org>:
bug acknowledged by developer.
(Sun, 12 Mar 2017 19:07:03 GMT)
Full text and
rfc822 format available.
Message #40 received at 25895-done <at> debbugs.gnu.org (full text, mbox):
Eli Zaretskii wrote:
> I'd
> like to have in the affected Makefile a comment which summarized the
> rationale in the commit message
OK, I added a comment and installed the patch. Marking this bug as done.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Mon, 10 Apr 2017 11:24:04 GMT)
Full text and
rfc822 format available.
This bug report was last modified 7 years and 230 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.