Re: SETGIDGAME in package's Makefile. Why?

To: tech-pkg%netbsd.org@localhost
Subject: Re: SETGIDGAME in package's Makefile. Why?
From: David Holland <dholland-pkgtech%netbsd.org@localhost>
Date: Fri, 26 Dec 2008 07:57:39 +0000

On Thu, Dec 25, 2008 at 06:30:24PM -0600, Jeremy C. Reed wrote:
 > > Can anybody explain this magic?
 > > Why SETGIDGAME in set to yes in package's Makefile.
 > > Many (but not all!) games/ packages do this.
 > > 
 > > IMHO such things should be set in user's mk.conf.
 > 
 > SETGIDGAME, according to the documentation, should not be in any package 
 > Makefiles. I see they are. If no PR is filed yet, then a bug should be 
 > filed -- either documentation is wrong or the several packages are wrong.

Yes, it is all broke, and has been for a long time. There are also
various other related problems, e.g. some games use the config file
mechanism to install their high scores.

Both the underlying mechanism and the method for configuring the
behavior need a complete rework.

There are also three configurations that have to be taken into
account, not two: games can be installed setgid, installed without
setgid even if they want it, or installed without setgid in an
unpriv'd package tree. The last two are different and have different
behavior, although I have the distinct impression they've been
accidentally conflated at some points in the past.

Most games with high scores files care only if the high scores are
writeable, and will work fine if installed unpriv'd but need to be
setgid if using a root-owned $(VARBASE).

IME, most of these games also do not fall back cleanly to per-user
scorefiles or whatever if they can't write in $(VARBASE), so unless
built unpriv'd they should be installed setgid by default.

For games where it does make sense to install either setgid or not,
the choice should probably be made via a package option. "SETGIDGAME"
should go away. Not only is it widely misused, it's also too broad a
switch, and it's misspelled - as a global config option it should have
been "SETGIDGAMES".

(In most cases I think the setgid option should default to yes, that
is, setgid. While it's not necessarily desirable to install setugid
binaries by default, it's also not desirable to create crippled binary
packages. Plus it's quite a bit easier to chmod -s after installing
than to go track down what might want a chmod g+s.)

Fixing all this is a big pile of work though.

-- 
David A. Holland
dholland%netbsd.org@localhost

Follow-Ups:
- Re: SETGIDGAME in package's Makefile. Why?
  - From: OBATA Akio
- Re: SETGIDGAME in package's Makefile. Why?
  - From: Aleksey Cheusov

References:
- Re: SETGIDGAME in package's Makefile. Why?
  - From: Jeremy C. Reed

Prev by Date: Re: Some problems
Next by Date: Re: SETGIDGAME in package's Makefile. Why?
Previous by Thread: Re: SETGIDGAME in package's Makefile. Why?
Next by Thread: Re: SETGIDGAME in package's Makefile. Why?
Indexes:

Home | Main Index | Thread Index | Old Index