(debian-policy.info)Games



11.11 Games
===========

The permissions on ‘/var/games’ are mode 755, owner ‘root’ and group
‘root’.

Each game decides on its own security policy.

Games which require protected, privileged access to high-score files,
saved games, etc., may be made set-group-id (mode 2755) and owned by
‘root:games’, and use files and directories with appropriate permissions
(770 ‘root:games’, for example).  They must not be made set-user-id,
as this causes security problems.  (If an attacker can subvert any
set-user-id game they can overwrite the executable of any other, causing
other players of these games to run a Trojan horse program.  With a
set-group-id game the attacker only gets access to less important game
data, and if they can get at the other players’ accounts at all it will
take considerably more effort.)

Some packages, for example some fortune cookie programs, are configured
by the upstream authors to install with their data files or other static
information made unreadable so that they can only be accessed through
set-id programs provided.  You should not do this in a Debian package:
anyone can download the ‘.deb’ file and read the data from it, so there
is no point making the files unreadable.  Not making the files
unreadable also means that you don’t have to make so many programs
set-id, which reduces the risk of a security hole.
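
The check below is an added example, not part of Debian Policy or of any Debian tool. It audits a package's file list against the two rules above (no set-user-id, set-group-id only as 2755 ‘root:games’, static data readable). The sample paths are constructed, and treating non-executable files under ‘/usr’ as static data is an assumption.

```python
import stat

# Constructed sample: (path, st_mode, owner, group), as a package's file list
# might look after unpacking.  All names are hypothetical.
SAMPLE = [
    ("/usr/games/rogue-ok", 0o102755, "root", "games"),
    ("/usr/games/rogue-suid", 0o104755, "root", "root"),
    ("/usr/games/rogue-sgid-wrong", 0o102755, "root", "staff"),
    ("/var/games/rogue-ok", 0o040770, "root", "games"),
    ("/var/games/rogue-ok/scores", 0o100660, "root", "games"),
    ("/usr/share/games/fortunes/data", 0o100640, "root", "games"),
]


def audit(entries):
    """Return (path, finding) pairs for files that conflict with this section."""
    findings = []
    for path, mode, owner, group in entries:
        if not stat.S_ISREG(mode):
            continue  # directories such as /var/games/<game> are not checked
        executable = bool(mode & 0o111)
        # Rule 1: games must never be set-user-id.
        if mode & stat.S_ISUID:
            findings.append((path, "set-user-id is not allowed for games"))
        # Rule 2: a set-group-id game is mode 2755 and owned by root:games.
        if mode & stat.S_ISGID and executable:
            if (owner, group) != ("root", "games") or stat.S_IMODE(mode) != 0o2755:
                findings.append((path, "set-group-id game should be 2755 root:games"))
        # Rule 3 (assumption: non-executable files under /usr are static data):
        # hiding them is pointless, since the .deb itself is world-readable.
        if path.startswith("/usr/") and not executable and not mode & stat.S_IROTH:
            findings.append((path, "static data file is not world-readable"))
    return findings


if __name__ == "__main__":
    for path, finding in audit(SAMPLE):
        print(f"{path}: {finding}")
```

The score file under ‘/var/games’ is mode 660 ‘root:games’ and is not flagged: variable game data may be protected, only shipped static data should stay readable.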

As described in the FHS, binaries of games should be installed in the
directory ‘/usr/games’.  This also applies to games that use the X
Window System.  Manual pages for games (X and non-X games) should be
installed in ‘/usr/share/man/man6’.

