Bug 1112382
Summary: | Harden default security policy against Steam games | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Elad Alfassa <elad> |
Component: | selinux-policy-targeted | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED EOL | QA Contact: | Ben Levenson <benl> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | | |
Version: | 22 | CC: | dwalsh, kparal, matt |
Target Milestone: | --- | | |
Target Release: | --- | | |
Hardware: | Unspecified | | |
OS: | Unspecified | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2016-07-19 11:50:08 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |

Description
Elad Alfassa
2014-06-23 19:37:28 UTC
Do Steam games always use the same directories for content?

Depends on what you define as content. For game binaries, data, and executables, they use $HOME/.local/share/Steam/SteamApps by default, but users can choose to install games in different directories when they install a game, with the exception of only one Steam directory per partition (so in most cases users will not install the games anywhere else). For game save/progress data, some games use $HOME/.local/share, but others will create random dirs in your home directory.

That is where the problems start, but I don't have a problem with that. If the defaults made sense. Steam storing content in $HOME/.local/share/Steam/SteamApps is great. If we could get the games to store data in ~/.local/share/Steam/*, then we could begin to do a good job of securing it. Of course there would also need to be questions of what network access is required?

It would be difficult to convince game authors / porters to do the right thing. From what I see, most of them use ~/.local/share/$developer_name/$game_name (replace $developer_name with the name of the developer, and $game_name with the name of the game) for game save/progress data. As for network access, games do quite a lot of network access, with each game doing its own thing - either for multiplayer, high scores, or analytics. It would be very difficult to restrict this.

Since we don't know exactly what games would access, wouldn't it be better if we block their access to directories we know they don't, such as Firefox's profile directory, .ssh, and the GNOME keyring files? It won't be perfect security, but it should be a little bit better than what we have now, right?

This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle. Changing version to '22'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22

Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.