Closed Domosed-gamin closed 3 years ago
Hi, thank you for mentioning it. I made a car game with nice ASCII art where you had to hit zombies and avoid humans. It needed such an input/output speed (in order to be challenging) that it would only be playable under Linux TTY, even xterm lagged. So I dropped the project half-way.
I tried making something like ksnakeduel for terminal, but having an AI that would be enough challenge within the gameplay which the speed, graphics and input limits of curses permitted proved to be hard. I tried some fancy algorithms for a while and then simply forgot about it.
I may try making other games in near future.
I made a car game with nice ASCII art where you had to hit zombies and avoid humans.
Sound cool. It's pity that project is dropped.
I may try making other games in near future.
It's really good. I will wait new version of your awesome games collection. ASCII games are best games ever. ^__^
Darrt is added, is it good?
It is fun to play. I like idea to mix well-known darts game and typing game.
P.S. Wow! Letter 'H' gave me million points. ^__^
Yeah! I beat Rabbithole game. This was not easy.
Yes, that is when you hit exactly at the center. My record is 3 hits.
Beat Rabbithole enough times and you will have muscular fingers.
@abakh, I want write news post on big russian linux forum (my other post about good ascii game - https://www.linux.org.ru/news/games/15907069). Please tell me when you will bump the version number. This is good reason will to write news post.
P.S.
About
A package of 15 text-based modern games
Pls fix it. 16 games. :-)
Now there is 17 of them! Some small changes and there will be a new version.
Nice! I wrote news post. ^__^ https://www.linux.org.ru/news/games/16276697
Cool! (Also you can keep laying new pipes after the time runs out, the time is for when the fluid will flow)
I've made a FreeBSD port: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255346
It might take a few days to be accepted, but then you can do pkg install nbsdgames
to get the project (on the “latest” branch; “quarterly” will have to wait until July 2021).
Some changes were needed to get this right. Please consider changes like these for future versions:
CFLAGS
, LDFLAGS
, and LDLIBS
to be more conventionalchmod
calls (they are potential security problems and should be replaced with a correct user/group setup, e.g. user games
and the binaries being setuid games
)config.h
(perhaps generate config.h
from the Makefile)@clausecker Thanks!
I should probably make a Version 4.1. Enough changes have been made.
Your makefile generates score files that are world-writable in a public directory. Suppose there is a bug parsing these score files. One user could overwrite these files with a crafted scores file and then wait for another user to run the game, potentially having him execute arbitrary code.
Also, there's the issue of every user being able to just edit the score files to add bogus scores. This is not fair.
The standard solution is to set the score files to be not world writable and give them to the user or group games
. Then, the game program is set up to be a setuid or setgid program so it runs under the games user or group, allowing it to access the score file. I have set things up this way in the FreeBSD port.
@clausecker Yes but we are assuming the evil user already has enough access to the system to edit a file to begin with all this. If it is a user with physical access (I've heard boot access is root access), or illegitimate software running on the system, doesn't it already have more than enough access? https://xkcd.com/1200/
Also couldn't every user in games group still change it?
Also if they are so committed to defense-in-depth they could now totally make no score files at all (make install also doesn't make them by default) and the games make one in home themselves.
But I also changed the chmods to chowns.
Yes but we are assuming the evil user already has enough access to the system to edit a file to begin with all this. If it is a user with physical access (I've heard boot access is root access), or illegitimate software running on the system, doesn't it already have more than enough access? https://xkcd.com/1200/
Suppose a shell server of a university with your game installed. Each student has an account. With your scheme, one student could edit the score files to execute arbitrary code when another student executes the game. That is a security risk. And clearly that one student does not have any sort of elevated access. UNIX is a multi user system. It is designed to have multiple users run possibly untrusted programs at the same time. However, if one user can attack another user or hijack the system, that's a problem.
Also consider the perhaps a bit more accessible issue of users being able to falsify the score files with your approach. That's certainly something you don't want.
Also couldn't every user in games group still change it?
There are no users in the games
group usually (except perhaps a dedicated games
user). It exists specifically for this purpose: games with global score files are setgid games
so they and only they can edit their score files. Users on their own cannot, except by playing the game and beating the existing scores. This mechanism has existed for decades.
Also if they are so committed to defense-in-depth they could now totally make no score files at all (make install also doesn't make them by default) and the games make one in home themselves.
It's not really “defense-in-depth” but rather standard practice against mischievous users. No global score files at all are a possibility (though you might want to improve your code so it can pick up local score files from XDG paths in this case), but what's the fun if you can't even compete with other users on the system?
But I also changed the chmods to chowns.
That change doesn't really fix things. And indeed, it breaks the build in many scenarios as you now cannot build and install the program as a normal user.
@clausecker Could you do that so I learn?
(Also a general discussion thread is not helpful, I should close this)
Hi again! Any plan to new release with new games and feature? Or project is dead?