#1124329 angband: is setgid, can this be avoided?

Package:
angband
Source:
angband
Description:
Single-player, text-based, dungeon simulation game
Submitter:
Simon McVittie
Date:
2026-03-02 19:33:01 UTC
Severity:
normal
#1124329#5
Date:
2025-12-30 18:39:04 UTC
From:
To:
The /usr/games/angband executable is setgid games.

Because this game depends on libraries that make no attempt to avoid
privilege escalation from the caller to the games group, this use of
setgid is basically security theatre: it's essentially equivalent to
making the high scores world-writeable.

In particular, because this game depends on SDL, it's very easy to use
it to escalate privileges to the games group. SDL is not designed to be
used by set*id executables (reference:
https://github.com/libsdl-org/SDL/issues/14717).

Discussion on the debian-devel-games list starting at
https://lists.debian.org/debian-devel-games/2025/12/msg00016.html (or
equivalently
https://lists.debian.org/msgid-search/aVFQ7HtjX7cYSnIp@remnant.pseudorandom.co.uk)
indicates that several games team members think the complexity cost and
security implications of games being setgid are too high a price to pay
for shared savegames and game state on multi-user systems.

Could this game be modified to save game state to a per-user location
instead? In SDL 2 or later, the SDL_PrefPath() is likely to be the most
suitable place.

To avoid data loss, it will probably be necessary to copy game state
from /var/games/angband into the new location for a transitional period.
If a transition path is added during the Debian 13 'forky' cycle, then
perhaps it could be removed when testing reopens after the Debian 14
'duke' release.

Thanks,
    smcv

#1124329#10
Date:
2026-03-02 19:21:53 UTC
From:
To:
backwardsEric - current Angband maintainer