Heroic-Games-Launcher / HeroicGamesLauncher

A games launcher for GOG, Amazon and Epic Games for Linux, Windows and macOS.
https://heroicgameslauncher.com
GNU General Public License v3.0

Heroic is needlessly escaping the flatpak sandbox when not needed #3830

Open zastrixarundell opened 5 months ago

zastrixarundell commented 5 months ago

Describe the bug

Essentially the issue is that Heroic has multiple symlinks within prefixes to the home folder (and subfolders) by default without an actual way of opting out during the installation process.

As flatpaks should be sandboxed, this is a really big security oversight, as you can potentially have a malicious game encrypt your documents (as Heroic by default has access to xdg-documents and it is symlinked).

Technically you COULD install a game, not run it, go to the prefix and manually unlink the folders, but that is a hassle and there should be a GUI option directly in Heroic, ideally in the wine/prefix options before a game install is started.

Add logs

No logs

Steps to reproduce

  1. Install a game
  2. Open prefix
  3. See multiple symlinks

Expected behavior

To not have symlinks within the prefix connected directly to the home folder. Either give a button for opting out (or ideally make it an opt-in process).

Screenshots

image

Heroic Version

Latest Stable (Flatpak)

System Information

Operating System: Fedora Linux 40
KDE Plasma Version: 6.0.5
KDE Frameworks Version: 6.3.0
Qt Version: 6.7.1
Kernel Version: 6.9.4-200.fc40.x86_64 (64-bit)
Graphics Platform: Wayland
Processors: 16 × AMD Ryzen 7 7800X3D 8-Core Processor
Memory: 31.1 GiB of RAM
Graphics Processor: AMD Radeon RX 7900 XTX
Manufacturer: ASUS

Additional information

No response
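An added example, not part of the issue thread or of Heroic's code: a Python sketch of the manual workaround described in the report above, listing symlinks in a prefix that resolve outside it and replacing such a link with an empty real directory. The `drive_c/users/player` layout, the function names and the sample tree are assumptions constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path


def find_escaping_symlinks(prefix):
    """Return (link, resolved_target) for symlinks under prefix that point outside it."""
    root = Path(prefix).resolve()
    found = []
    # followlinks=False: never descend through a link into the real home folder.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            link = Path(dirpath) / name
            if not link.is_symlink():
                continue
            target = link.resolve()  # non-strict, so dangling links still resolve
            if target != root and root not in target.parents:
                found.append((link, target))
    return sorted(found)


def detach(link):
    """Replace a symlinked folder with an empty real directory at the same path."""
    link = Path(link)
    if not link.is_symlink():
        raise ValueError(f"{link} is not a symlink")
    link.unlink()   # removes only the link, never the target's contents
    link.mkdir()


def build_sample(base):
    """Constructed sample: a fake home plus a prefix with two links into it."""
    home, prefix = Path(base) / "home", Path(base) / "prefix"
    user = prefix / "drive_c" / "users" / "player"   # assumed prefix layout
    user.mkdir(parents=True)
    for folder in ("Documents", "Desktop"):
        (home / folder).mkdir(parents=True)
        (user / folder).symlink_to(home / folder)
    (home / "Documents" / "notes.txt").write_text("keep me")
    (user / "Saved Games").mkdir()                    # real directory, not reported
    (prefix / "c").symlink_to(prefix / "drive_c")     # link that stays inside
    return home, prefix


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        _, prefix = build_sample(tmp)
        for link, target in find_escaping_symlinks(prefix):
            print(f"{link} -> {target}")
```

Calling `detach()` on a reported link leaves the files in the real folder untouched; only the path inside the prefix stops pointing at them.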

zastrixarundell commented 5 months ago

With the screenshot above, a potential vector of attack could be encryption of both Documents and Desktop folders. For example, Steam and Bottles are immune to this attack as they don't create symlinks to those folders while having access to the files.

This isn't really an issue which can be resolved on the flatpak side of Heroic; this can only be fixed upstream.

zastrixarundell commented 5 months ago

I am planning to eventually follow through and create issue requests for:

Kajot-dev commented 4 months ago

This is not an issue for Heroic but for wine/proton. Heroic does not create these symlinks.