undefined | Better HN

0 pointsgruez1y ago0 comments

>but I don't remember any game ever asking me for my root password to install or run.

Are you sure there isn't some sort of setuid executable that's doing all the root stuff for you? At least in theory for something like steam, you'd want either all installs to require root, or restrict all installs to per-user basis.

>In any case, something being programmed poorly isn't a good excuse to make things even worse.

The point is that if multi-user security is broke in practice, you shouldn't invest effort into using it, and use something better like virtualization and/or dual booting with full disk encryption.

0 comments

ndriscoll1y ago

By default steam puts everything in ~/.local/share so I don't see why it would need root.

These drivers generally try to prevent you from using virtualization for the same reason they want root. The point is that fundamentally they want to live one level above wherever the user is, which means they compromise user ability to secure against them. The game industry isn't exactly known for slow, careful development, so they're kind of the worst group to give root.

Even without a VM, multi-user security does work, and Linux has other tools to isolate programs. Steam already runs in a sandbox[0] on NixOS to give it a normal FHS layout and work at all, so it wouldn't be unreasonable to add more isolation.

[0] apparently using https://github.com/containers/bubblewrap which can also do things like PID and network isolation.

j / k navigate · click thread line to collapse