p0s Dec 7, 2012 @ 9:49am
HOWTO: Run Steam without giving it root access
The following HOWTO tells you how to install the Steam for Linux Limited Beta in a separate user account without giving any root privileges to Steam.
This gives you double security:
1. None of the Steam programs is ever executed as root, not even the install script
2. Steam is not even run with privileges of your primary user account. You are told how to generate a second user account which is a sandbox for Steam.

The HOWTO was written and tested on Kubuntu 12.10 amd64 on 2012-12-07.
Here it is: http://pastebin.com/cjA1nQpk
Showing 1-15 of 148 comments
Satoru Dec 7, 2012 @ 10:00am 
Does Steam run as root? I just run it from /usr/bin/
p0s Dec 7, 2012 @ 10:07am 
With the normal standard installation procedure, you give root access to the package installer.
The package installer will execute the Steam install script in the package with those root privileges. So yes, the normal installation procedure DOES give root access to Steam.

The fact that you can run it without root afterwards is useless to the security of your system. Once you have run untrustworthy software as root, it can keep the root access and hide itself from you. Once root, always root.
Princess Unicorn Boner Dec 7, 2012 @ 10:10am 
Guys, you're being excessively paranoid. If you don't trust Valve, then why are you here? Why do you want their software at all? This is just exceptionally unnecessary.
p0s Dec 7, 2012 @ 10:12am 
It's very simple: If you trust Linux, you can trust it to have secure user account separation. Then you do not have to trust any software which you run in a separate user account. This allows you to run Steam without trusting it.

And as it is closed source software, it is per definition not trustworthy. That's the primary difference between open and closed source software.
Ralesk Dec 7, 2012 @ 10:20am 
> Once root, always root.

That's rather stupid and needlessly paranoid. Steam (the binary) cannot elevate to root if you run it as a user unless it executes something that's SUID and owned by root. Whether or not it is closed source. If it could, that would mean it can do it on the other account you just created just for Steam — and it would also mean that the Linux user separation is entirely worthless and insecure.

I do understand some of the concern about the installer of course, but the final expanded program, nope.
formkake Dec 7, 2012 @ 10:20am 
OR: manually copy/paste content of deb to system. Run it but don't give password when it asks. Steam will place the updated client nicely in user space. This should be standard installation procedure anyway.
Last edited by formkake; Dec 7, 2012 @ 10:21am
Princess Unicorn Boner Dec 7, 2012 @ 10:22am 
Originally posted by p0s:
> And as it is closed source software, it is per definition not trustworthy. That's the primary difference between open and closed source software.

Is there a :rolleyes: emoticon around here somewhere?
p0s Dec 7, 2012 @ 10:25am 
Originally posted by Ralesk:
> > Once root, always root.
>
> That's rather stupid and needlessly paranoid. Steam (the binary) cannot elevate to root if you run it as a user unless it executes something that's SUID and owned by root. Whether or not it is closed source. If it could, that would mean it can do it on the other account you just created just for Steam — and it would also mean that the Linux user separation is entirely worthless and insecure.
>
> I do understand some of the concern about the installer of course, but the final expanded program, nope.

You are not understanding the process of installing deb packages.
The deb package of Steam contains a program.
This program is run as root once you install the package.
As this program has root access, it theoretically can do ANYTHING to your system, INCLUDING installing programs which have PERMANENT root access and are run automatically whenever you start your system. You don't need to give root access to them after that, the install script can just configure the system to automatically run them as root.
Again: Once you run an untrustworthy software as root, your system is compromised. Anything which happens in the system after that CANNOT be trusted anymore. The fact that you are not asked for root privileges after the compromise does NOT mean that the system is not compromised. Of course a compromised system will not ask you to give permissions to malicious software anymore.
p0s Dec 7, 2012 @ 10:28am 
Originally posted by IS THAT RACIST?:
> Originally posted by p0s:
> > And as it is closed source software, it is per definition not trustworthy. That's the primary difference between open and closed source software.
>
> Is there a :rolleyes: emoticon around here somewhere?

Welcome to the world of Linux. That's how we roll.
This assumption is one of the reasons why you can actually benefit from people writing open source software. Be thankful instead of rolling your eyes.
jimux Dec 7, 2012 @ 10:45am 
The fact of the matter is that games have dependencies, and Steam needs to be able to install and script their configuration. You're giving Steam the same level of trust here on Linux as you do in Windows. If you are concerned about that level of access being given to Steam on Linux, then you probably shouldn't be playing Steam games on a computer that you are that concerned about the security of.
Ralesk Dec 7, 2012 @ 10:47am 
You have no idea just how well I understand .deb packages. I've created a few thousand of them. I know what happens in there, and typically, a .deb package needs root rights for the following reasons:
• To write to system directories that regular users do not have access to, e.g. the /usr tree, the /usr/local tree, or the /opt tree.
• To write information into the Dpkg package cache files so the system knows your program has been installed.

There’s exactly nothing suspicious about this.

There's no such thing as “programs with permanent root access”, because if there were, that would mean there's a security hole inside Linux. Linux is not perfect, of course, so there could be, of course. All the programs, unless SUID, run as the user running them. They cannot elevate unless your user can elevate — either via a bug (as before, that’s an issue you should raise with Kernel developers) or via legit ways such as su or sudo. You can take a look at the result of the .deb package installation (it is possible to specify a different root for dpkg-deb to unpack to, and you can chroot and jail the installation), and if you see something SUID, you can raise the flags. Until then, it's just hot steam from paranoia.

And also, if you don't know your system enough to see whether the install script has “configured the system to automatically run them as root”, you shouldn't be talking about keeping things “secure”.

But hey, I do understand where you’re coming from, I happened to have studied IT security. That whole area is based on paranoia — and that’s what drives it to make things even better and even more secure. I’m totally cool with that, and I’m glad we have things like PGP and SSL and the likes, thanks to security folks. However, if you’re security-concerned, you don’t actually want any closed sourced software (or open sourced, but not thoroughly peer-reviewed software) near a computer that you consider to be trusted and you want to keep secure.

Because... with closed source software you have a much, much bigger issue than root elevation — it leaking data to the creator without your consent. Just tell me how it can’t do that without root elevation, because I think it’s more than possible to see quite a few things on your computer without being an administrator user.
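
Added example (not part of any post in this thread, and not Valve's or Debian's own tooling): a static check along the lines Ralesk describes above, unpacking the .deb into a scratch directory without installing it and listing setuid/setgid files, together with the maintainer scripts and autostart locations p0s is concerned about. The function names and the list of autostart paths are assumptions chosen for illustration.

```shell
#!/bin/sh
# Static audit of a .deb: nothing from the package is installed or executed.

# Payload files carrying the setuid or setgid bit.
suid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# Maintainer scripts present in the control area; dpkg runs these as root.
maintainer_scripts() {
    for s in preinst postinst prerm postrm config; do
        [ -f "$1/$s" ] && printf '%s\n' "$s"
    done
    return 0
}

# Payload files in locations started at boot or on a schedule
# (illustrative list, not exhaustive).
autostart_files() {
    for d in etc/init.d etc/init etc/cron.d etc/cron.daily etc/cron.hourly \
             lib/systemd/system etc/systemd/system; do
        [ -d "$1/$d" ] && find "$1/$d" -type f -print
    done | sort
}

# Unpack payload (-x) and control files (-e) into a scratch dir, then report.
audit_deb() {
    work=$(mktemp -d) || return 1
    if ! dpkg-deb -x "$1" "$work/root" || ! dpkg-deb -e "$1" "$work/control"; then
        rm -rf "$work"
        return 1
    fi
    echo "== maintainer scripts (run as root by dpkg) =="
    maintainer_scripts "$work/control"
    echo "== setuid/setgid files =="
    suid_files "$work/root"
    echo "== autostart files =="
    autostart_files "$work/root"
    echo "Unpacked copy kept in $work for manual review"
}

# Usage: sh audit.sh package.deb
if [ "$#" -ge 1 ]; then
    audit_deb "$1"
fi
```

The listing only covers what ships in the archive; a maintainer script can still create files or change modes at install time, so the scripts it reports need to be read as well.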
Ralesk Dec 7, 2012 @ 10:54am 
Originally posted by p0s:
> Welcome to the world of Linux. That's how we roll.

By all means, please stop speaking for every Linux user :)
jimux Dec 7, 2012 @ 10:58am 
If you're really this paranoid about security and want to play games, then bug Qubes to work towards 3D support ( http://qubes-os.org/trac )
p0s Dec 7, 2012 @ 11:01am 
Originally posted by Ralesk:
> You have no idea just how well I understand .deb packages. I've created a few thousand of them. [...]
> There's no such thing as “programs with permanent root access”, because if there were, that would mean there's a security hole inside Linux. [...] All the programs, unless SUID, run as the user running them.

Please think about whether you did recently take any drugs. You claim to have packaged thousands of debs, you claim that there are no ways of giving permanent root access to programs on Linux and in THE SAME POST you talk about SUID, which is THE way of giving permanent root to something.
jimux Dec 7, 2012 @ 11:06am 
SUID isn't even on the table here. It's highly insecure and is really meant for specific one-off uses instituted by sys admins who know what they're doing and why. A system like Steam should rely on nothing of the sort.
Date Posted: Dec 7, 2012 @ 9:49am
Posts: 148