Re: Games Team policy on games being setgid

To: debian-devel-games@lists.debian.org
Subject: Re: Games Team policy on games being setgid
From: Simon McVittie <smcv@debian.org>
Date: Sun, 28 Dec 2025 16:17:05 +0000
Message-id: <[🔎] aVFYAd0ayi4tndMa@remnant.pseudorandom.co.uk>
In-reply-to: <[🔎] aVFQ7HtjX7cYSnIp@remnant.pseudorandom.co.uk>
References: <[🔎] aVFQ7HtjX7cYSnIp@remnant.pseudorandom.co.uk>

On Sun, 28 Dec 2025 at 15:46:52 +0000, Simon McVittie wrote:

for example SDLtrusts and obeys many environment variables, without consideringwhether they might be attacker-supplied

As I expected, SDL upstream has confirmed inhttps://github.com/libsdl-org/SDL/issues/14717 that SDL's policy is thatit does not aim to support being run with elevated privileges, so eachof our games that is setgid and uses SDL without first sanitizing theexecution environment should be considered to be a game bug (not a SDLbug).


    smcv

Reply to:

References:
- Games Team policy on games being setgid
  - From: Simon McVittie <smcv@debian.org>

Prev by Date: Games Team policy on games being setgid
Next by Date: Re: Games Team policy on games being setgid
Previous by thread: Games Team policy on games being setgid
Next by thread: Re: Games Team policy on games being setgid
Index(es):
- Date
- Thread