user-writable content in games
Wart
wart at kobold.org
Sun Apr 23 04:37:28 UTC 2006
Jason L Tibbitts III wrote:
>>>>>>"w" == wart <wart at kobold.org> writes:
>
>
> w> The first game, njam, has an in-game editor for users to create new
> w> levels. The directory where user-levels are saved is
> w> /usr/share/njam/levels.
>
> If you really want to support something like this, (and I'd argue that
> it isn't worth it) here are a couple of ideas:
>
> Save in a known place in the user's home directory and set read
> permission. Of course, to load a level, you need to know what user
> made it.
> Somehow pass the data to a small program that has the appropriate
> privileges that does nothing but move the data into place.
This is a pretty good idea. Something like 'njam-install-level' that
could also perform some sanity checks on the game data to prevent bad
data from being installed.
> w> The second game, hack (part of bsd-games), creates 'bones' files
> w> when a character dies. These bones files are later loaded and
> w> removed when other players start a game to create ghosts and
> w> treasure piles.
>
> Ugh; it is really not possible to determine the name of the bones file
> early in the process? Is there some reason it can't just be some
> random string?
The bones files are created based on the dungeon level that the user
died on. There is a maximum of one bones file per user per dungeon
level. This means that we don't know the name of the file until the
user dies, that is, until the game ends.
I found an article by David Wheeler discussing secure programming
techniques. Section 7.4 discusses minimizing privileges and is quite a
good read:
http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/minimize-privileges.html
--Mike
More information about the games
mailing list