[MayeulC]

That sounds pretty reasonable to assume for any game, even those that are singleplayer, if they access the network.

Game code is particularly known to be "spaghetti", "code cowoy"-style, where the result is more important than the form or correctness. I mean, that's art, after all, so that seems obvious.

And do you think a lot of companies update their games after they are out? Most often, the code is definitive, refactors are out of the question, etc. I've never seen a bug that fixes a security issue (CVE), let alone for old titles.

And that's when RCE is not by design. It is in Garry's mod, but that's for client-side mode scripted with lua, so theoretically sandboxed. Unreal Tournament 99 though, has plenty of servers that put some dlls for "anti-cheat" software on your computer before you join. That one probably sn't sandboxed.

While we talk about anti-cheat software, can we think a moment about everything that could go wrong with a piece of software that has a very deep access to the system, is sometimes in-house, and not necessarily audited, and whose functionality often includes:

* downloading challenges from servers, patch them into RAM and see what happens

* scan the RAM of the whole system, plus the filesystem, for known exploits

* upload parts of that RAM and filesystem to random servers for analysis

* take screenshots, log keypresses, monitor the system and upload all of this.

Takeaway: sandbox your games. There's a reason I run Steam in a flatpak, on Wayland... Convenience is part of it, but that's not the main one.

[ccouzens]

> sandbox your games. There's a reason I run Steam in a flatpak, on Wayland

If flatpak works perfectly, I suppose an attacker could still steal the "cookie" that automatically logs you into Steam.

Ideally you want Steam to be sandboxed, and then Steam to in turn run all the games in individual sandboxes.

[MayeulC]

I agree, and that's unfortunate, but I value it far less than I value the integrity of my computer and the data on it.

Steam itself has an interesting "Linux runtime" option for games, but it is unclear if that isolates things more than the status quo.

I don't know what I could do, short of replacing every executable in the steam directory with something that uses a mount namespace or a similar restrictive mechanism before launching the actual executable. Inject a modified libc to perform this on steam's exec call? I think the ball is in Valve's camp to improve this.

[gbrown]

> Unreal Tournament 99 though, has plenty of servers that put some dlls for "anti-cheat" software on your computer before you join.

D:

People put up with that?

[therealidiot]

For reference, the anti-cheat plugin usually used by Unreal Tournament servers is AntiCheatEngine ("ACE")

https://ace.ut-files.com/index1a8f.html?p=about

[d1zzy]

Battle.net has been doing that since day 1, so if you played any game on Battle.net you have downloaded server provided code and executed locally with the privileges of the user running the game.

(when a client connects to a battle.net server, one of the early handshake steps is to download a fixed named MPQ file, which is a Blizzard proprietary archive protocol which contains a DLL that is loaded and a certain fixed named function runs from it, which will checksum your client binary and send the result to the server to compare and allow you to progress further)

[AgentME]

I think there's a big difference between the game downloading a DLL straight from the game developers (not all that different from an update) and a game downloading a DLL from a random server you join (that could be run by anyone that you have no reason to trust and that you don't realize you're giving them full read-write access to your computer).

[gbrown]

Exactly. Neither is ideal, but they're not exactly equivalent...

[Kaze404]

People are defending Riot Games installing an anti cheat driver, so that's not very surprising if you ask me.

[gruez]

Not just that, the driver starts on boot and stays running even when the game isn't running.

[Kaze404]

And removing the game doesn't remove the driver. You have to remove it separately.

[ThrowawayR2]

Better than putting up with cheaters ruining the game.

[Karunamon]

Even if you actually believe this, Riot is not known for their high-quality code. This sounds a bit snarky but is entirely serious: Giving games root rights is bad enough, I absolutely don't want to run anything in kernel space from the same people who wrote the client for League of Legends.

And it's not even about trusting that Riot are not bad actors, tencent conspiracy nonsense aside, it's about leaving that trash running with that level of access in a way that some malicious process could use to elevate its permissions. That is the (ab)use case that worries me.

[bzb3]

As someone who plays CSGO, I agree with you. I wish valve did something like this. I'm tired of matches getting ruined by cheaters, which happens very often.