[Buildroot] [PATCH] package/frotz: Update to version 2.53
Thomas Huth
huth at tuxfamily.org
Mon Mar 8 04:15:51 UTC 2021
Am Sun, 7 Mar 2021 22:41:15 +0100
schrieb "Yann E. MORIN" <yann.morin.1998 at free.fr>:
> Thomas, All,
>
> On 2021-03-07 16:21 +0100, Thomas Huth spake thusly:
[...]
> > diff --git a/package/frotz/Config.in b/package/frotz/Config.in
> > index b73beea330..9473f5944d 100644
> > --- a/package/frotz/Config.in
> > +++ b/package/frotz/Config.in
> > @@ -1,14 +1,10 @@
> > config BR2_PACKAGE_FROTZ
> > bool "frotz"
> > - depends on BR2_TOOLCHAIN_HAS_THREADS
> > select BR2_PACKAGE_NCURSES
> > help
> > Frotz is an interpreter for old Infocom adventure games
> > and
> > - other Z-code games. Note that frotz can not be run as
> > root.
> > + other Z-code games. Note that frotz cannot be run as
> > root.
>
> Out of curiosity: what is the technical reason this is not possible?
I don't know for sure, but I think it's because Frotz is running
untrusted byte code - so if there's a bug in the interpreter, some
malicious byte code could get root access to the system.
> There is an explicit check in src/curses/ux_init.c, but except for
> that, I could not easily spot a reason for not being able to run as
> root...
>
> > You must add a normal user to your buildroot
> > configuration to be able to use it.
>
> Why don't we then define one, like:
>
> define FROTS_USERS
> frotz -1 frotz -1 - - - -
> endef
Not sure whether it makes sense to hard-code a user without password
here...? IMHO it makes more sense to leave that decision (how should
the user be called? should the account get a password or not?) to the
person who creates the buildroot image.
Thomas
More information about the buildroot
mailing list