Angband.oook.cz
Angband.oook.cz
AboutDownloadVariantsLadderForumCompetitionSpoilersComicScreenshotsFunniesLinks

Go Back   Angband Forums > Angband > Sil

Reply
 
Thread Tools Display Modes
Old July 9, 2012, 04:38   #1
saarn
Adept
 
Join Date: Apr 2009
Location: Washington, DC
Posts: 112
saarn is on a distinguished road
sil osx setgid enabled

The OsX download for Sil has setgid enabled as an xattr on at least one of the files-- this makes the application ask for an admin password when you go to open a save file. I was able to work around by doing chmod -R ug-s * in the sil directory, but this should probably be cleaned up.
saarn is offline   Reply With Quote
Old July 9, 2012, 10:23   #2
half
Knight
 
half's Avatar
 
Join Date: Jan 2009
Posts: 862
half is on a distinguished road
Quote:
Originally Posted by saarn View Post
The OsX download for Sil has setgid enabled as an xattr on at least one of the files-- this makes the application ask for an admin password when you go to open a save file. I was able to work around by doing chmod -R ug-s * in the sil directory, but this should probably be cleaned up.
I'd love to fix this as it is a long-standing bug. Any ideas which file or directory is acting up? I tried:

ls -R -@ -l lib

I found:

com.apple.TextEncoding
com.apple.metadata:kMDItemWhereFroms
com.apple.FinderInfo
com.apple.quarantine

but no setgid. Could it be the .quarantine instead? This is something Apple uses on executables before the user launches them the first time and might be triggering the warning (a bit odd as it is only present on some images and fonts that I inherited from NPP). This is compatible with your evidence as the confirmation dialogue doesn't appear every time. The only other thing I know is that the dialogue doesn't appear at launch, but seems to come up when I am selecting a savefile.
half is offline   Reply With Quote
Old July 9, 2012, 15:59   #3
saarn
Adept
 
Join Date: Apr 2009
Location: Washington, DC
Posts: 112
saarn is on a distinguished road
i think you're looking in the wrong directory -- I ran the chmod fix on Sil.app not lib.
saarn is offline   Reply With Quote
Old July 9, 2012, 16:12   #4
half
Knight
 
half's Avatar
 
Join Date: Jan 2009
Posts: 862
half is on a distinguished road
Quote:
Originally Posted by saarn View Post
i think you're looking in the wrong directory -- I ran the chmod fix on Sil.app not lib.
Ah, I hadn't looked inside Sil.app, but I still didn't find any setgid bits or strange xattrs (only com.apple.FinderInfo and com.apple.ResourceFork).

I haven't had any password requests in the last 10 times I've tried opening a savegame though, so perhaps removing the quarantines has fixed it. I'm open to other ideas too.
half is offline   Reply With Quote
Old July 9, 2012, 16:12   #5
half
Knight
 
half's Avatar
 
Join Date: Jan 2009
Posts: 862
half is on a distinguished road
(And thanks for the help -- it is very much appreciated!)
half is offline   Reply With Quote
Old July 9, 2012, 18:42   #6
debo
Veteran
 
Join Date: Oct 2011
Location: Toronto, Canada
Posts: 1,469
debo is on a distinguished road
Quote:
Originally Posted by half View Post
I haven't had any password requests in the last 10 times I've tried opening a savegame though, so perhaps removing the quarantines has fixed it. I'm open to other ideas too.
Might be keychain or some other authorization proxy -- I was asked for a system password the first time I opened a Sil 1.0.2 savegame, but it never asked me again after that, and I haven't messed with the files in the distribution at all.
debo is online now   Reply With Quote
Old July 10, 2012, 15:14   #7
saarn
Adept
 
Join Date: Apr 2009
Location: Washington, DC
Posts: 112
saarn is on a distinguished road
I guess it's completely possible that me chmodding everything did nothing and that the real difference was just running again after Sil crashed when I closed the password dialog.

I feel like there really ought to be some sort of way to catch this using a debugger, but I'm not terribly familiar with everything Xcode provides.
saarn is offline   Reply With Quote
Old July 10, 2012, 17:16   #8
half
Knight
 
half's Avatar
 
Join Date: Jan 2009
Posts: 862
half is on a distinguished road
Well, I've had the dialogue come up again after 10 to 15 tries at different times, so it doesn't look like my work so far has solved the problem. I'm guessing that the same is true of the chmod approach, since I couldn't find a file that the approach would actually modify. The inconsistency of this dialogue does indeed make it harder to catch. I have no idea how to find this with X Code unfortunately.
half is offline   Reply With Quote
Old July 11, 2012, 23:52   #9
half
Knight
 
half's Avatar
 
Join Date: Jan 2009
Posts: 862
half is on a distinguished road
I had the dialogue come up again and decided to read it carefully and find out as much as I could from it. It turns out it needs permissions called:

system.privilege.setugid_appkit

Which is probably what you saw before trying the chmod to get rid of a setgid bit. My current theory is that this is being triggered by calls to the function safe_setuid_grab() which occur on save and load and some other places. I'm not completely sure though.

One thing I do know is that on the Carbon port I'm using, SET_UID is defined, so some of the following code does get run.

Code:
/*
 * Hack -- grab permissions
 */
void safe_setuid_grab(void)
{

#ifdef SET_UID

# ifdef SAFE_SETUID

#  ifdef HAVE_SETEGID

	if (setegid(player_egid) != 0)
	{
		quit("setegid(): cannot set permissions correctly!");
	}

#  else /* HAVE_SETEGID */

#   ifdef SAFE_SETUID_POSIX

	if (setgid(player_egid) != 0)
	{
		quit("setgid(): cannot set permissions correctly!");
	}

#   else /* SAFE_SETUID_POSIX */

	if (setregid(getegid(), getgid()) != 0)
	{
		quit("setregid(): cannot set permissions correctly!");
	}

#   endif /* SAFE_SETUID_POSIX */

#  endif /* HAVE_SETEGID */

# endif /* SAFE_SETUID */

#endif /* SET_UID */

}
half is offline   Reply With Quote
Old July 12, 2012, 06:45   #10
myshkin
Angband Devteam member
 
Join Date: Apr 2007
Posts: 306
myshkin is on a distinguished road
Quote:
Originally Posted by half View Post
I had the dialogue come up again and decided to read it carefully and find out as much as I could from it. It turns out it needs permissions called:

system.privilege.setugid_appkit

Which is probably what you saw before trying the chmod to get rid of a setgid bit. My current theory is that this is being triggered by calls to the function safe_setuid_grab() which occur on save and load and some other places. I'm not completely sure though.
See the "setuid/setgid apps disallowed" paragraph of the "Notes specific to MacOS X 10.6" section of the Cocoa Application Framework Release Notes. Are you running Snow Leopard or later?

The file to check ought to be Sil.app/Contents/MacOS/sil. As far as I can tell, the zip on the website does not make that executable setgid, nor does Makefile.osx's install target make it setgid, and so the behavior described in the release notes should not occur.

Are you seeing this behavior with V?
myshkin is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
v4 osx crash saarn v4 5 June 19, 2012 15:50
Cocoa build on OSX Derakon Development 9 December 21, 2011 22:33
OSX build working again Magnate Development 9 October 30, 2011 08:13
getting started on OSX cinereaste Development 8 August 6, 2010 04:13
OSX Tileset help? ZorroRoaster Variants 1 March 31, 2009 00:09


All times are GMT +1. The time now is 17:16.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.