Simon McVittie:
Control: retitle -1 steam-installer: upstream code doesn't work when
incorrectly made setgid
Control: tags -1 = upstream
Control: severity -1 wishlist
On Thu, 04 Dec 2025 at 00:00:51 +0000, Ximin Luo wrote:
After some playing around I realised the error occured because I did a
`sudo chmod -R g+s` on `/opt/steam` recently, which mistakenly applied
this to *files* as well as directories.
This is not a supportable configuration, and I am not surprised that it doesn't work.
General-purpose code is not designed to be given higher privileges than its parent process, and
depending how that has been handled, it will either be silently insecure by accepting environment
variables from its less-privileged caller ("fail open", the default if no code has been
written to handle it), or detect the situation and refuse to operate ("fail closed").
Most programs would fail open in this situation, but some of the programs used
internally by the Steam Runtime have been written more cautiously and fail
closed.
TBH this is still an upstream bug, it should not be segfaulting on incorrect
permissions
This is a bug in the handling of assertion failures when an insecure
configuration has been detected. It is unlikely to reach the top of anyone's
priority queue this decade, but you never know.
We observe the issue here in an insecure configuration, but have no idea how it
might behave in other (e.g. secure) configurations, and therefore whether it's
high or low priority. At least, as a user I have no idea. So I've reported it
upstream anyway, they can decide.
https://github.com/ValveSoftware/steam-runtime/issues/787
Best,
Ximin
--
GPG: ed25519/56034877E1F87C35
https://github.com/infinity0/pubkeys.git
