GetDeb Software Portal

[Packaging Request] Dwarf-Therapist

Bug #1332894 reported by orbisvicis
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
GetDeb Software Portal
Won't Fix
Medium
Christoph Korn

Bug Description

Overview:
Dwarf Therapist gives you an advanced GUI to manage and check dwarf job allocations, military assignments, statistics (such as attributes, personality traits and happiness), sort dwarves by various criteria (e.g. profession, migration wave, happiness, number of assigned jobs etc.) and generally manage the Dwarven Resources of your fortress in a very convenient way. This

[This] fork of Dwarf Therapist is the currently updated version, and available for Windows, Mac and GNU + Linux.

License:
MIT

Links:
Upstream: https://github.com/splintermind/Dwarf-Therapist
Forum/Support: http://www.bay12forums.com/smf/index.php?topic=122968
Game*: http://www.bay12games.com/dwarves/

*This is a management helper for the game "Dwarf Fortress".

Thanks,

Revision history for this message
Christoph Korn (c-korn) wrote :

Taking dwarftherapist 0.6.10-1 as starting point.

Changed in getdeb.net:
assignee: nobody → Christoph Korn (c-korn)
importance: Undecided → Medium
status: New → In Progress
Revision history for this message
Christoph Korn (c-korn) wrote :

This game requires root permissions?

Changed in getdeb.net:
status: In Progress → Incomplete
Revision history for this message
Christoph Korn (c-korn) wrote :

Don't want to publish a game that requires root permission.

Changed in getdeb.net:
status: Incomplete → Won't Fix
Revision history for this message
orbisvicis (orbisvicis) wrote :

It doesn't require root permissions. By default ubuntu's ptrace protection allows tracing child processes, thus the script documented at DwarfTherapist's home page will work without additional credentials or capabilities.

In other words, any of the following work:
1] require root credentials
2] grant ptrace capability
3] ptrace child, without special credentials/capabilities

[1] is bad, as you mentioned. Enabling [2] provides the same attack vector as the tracing application. Since DwarfTherapist is only exposed to the local user, providing ptrace capabilities should present little harm. As for [3], perhaps you want to ship such a script ( untested - DwarfTherapist seems picky about its working directory):

cat /usr/bin/dwarf-therapist-wrapper
#!/usr/bin/env bash

help=$(cat <<-"EOM"
    usage: ...

    description lorem ipsum

    positional arguments:
      P path to dwarf fortress
EOM)

if (($# != 1)); then
  printf "%s\n" "$help" >&2
  exit 1
fi

"$1" &
exec /usr/bin/DwarfTherapist

Revision history for this message
Christoph Korn (c-korn) wrote :

I don't understand this script.

The launch script says user ptrace is disabled:
https://github.com/splintermind/Dwarf-Therapist/blob/master/dist/dwarftherapist

$ cat /proc/sys/kernel/yama/ptrace_scope
1

Revision history for this message
orbisvicis (orbisvicis) wrote :

That launch script is for attaching DwarfTherapist to a non-child DwarfFortress, which requires root [1] or ptrace capability [2]. The script is slightly broken because it doesn't check for [2] and just assumes root is required.

My script makes DwarfTherapist (the exec ... line) the parent of the DwarfFortress (the "$1" & line) so neither root nor ptrace cap is required. I would run it like:
$ /usr/bin/dwarf-therapist-wrapper /path/to/games/Dwarf.Fortress/df_linux/df

I actually use a similar script (for make but not install DwarfTherapist) which works, so I can vouch for this approach:

./df_linux/df &
cd Dwarf-Therapist
exec ./bin/release/DwarfTherapist

Hmm actually I will see if I can merge my launcher with upstream and a pcap detection.

Revision history for this message
orbisvicis (orbisvicis) wrote :

https://github.com/splintermind/Dwarf-Therapist/issues/20

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.