Heroic is needlessly escaping the flatpak sandbox when not needed #3830
Comments
With the screenshot above, a potential vector of attack could be encryption of both Documents and Desktop folders. For example Steam and Bottles are immune to this attack as they don't create symlinks to those folders while having access to the files. This isn't really an issue which can be resolved on the flatpak side of Heroic, this can only be fixed upstream.
I am planning to eventually follow through and create issue requests for:
This is not an issue for heroic but for wine/proton. Heroic does not create these symlinks.
I can confirm the issue and would also like to note that this behavior can lead to data loss. I have my prefixes stored on an external drive. I assumed all the saves were stored on this drive, but that was not correct. The game had stored its saves in Documents which was stored on my OS drive. @Kajot-dev Proton does not create these symlinks. If I go into the prefixes made by Steam, they are all just regular folders.
What I meant is that Heroic is not directly creating these directories. Heroic just runs Tested Perhaps Steam does something to prevent it or removes them after prefix creation. To fix your current prefixes you can use This is the same issue as in: https://www.reddit.com/r/winehq/comments/l1zc77/a_general_concern_about_wine_desktop_integration/ Maybe I'll try to create a PR which would remove these symlinks after prefix creation
It is recommended to use UMU and Proton as a runner, it doesn't have severe integration with the desktop like vanilla Wine. Additionally Proton is now the only up-to-date compatibility tool made for games. Wine-GE should be treated as deprecated going forward.
Describe the bug
Essentially the issue is that Heroic has multiple symlinks within prefixes to the home folder (and subfolders) by default without an actual way of opting out during the installation process.
As flatpaks should be sandboxed this is a really big security oversight as you can potentially have a malicious game encrypt your documents (as Heroic by default has access to `xdg-documents` and it is symlinked). Technically you COULD install a game, not run it, go to the prefix and manually unlink the folders, but that is a hassle and there should be a GUI option directly in Heroic, ideally in the wine/prefix options before a game install is started.
Add logs
Steps to reproduce
Expected behavior
To not have symlinks within the prefix connected directly to the home folder. Either give a button for opting out (or ideally make it an opt-in process).
Screenshots
Heroic Version
Latest Stable (Flatpak)
System Information
Operating System: Fedora Linux 40
KDE Plasma Version: 6.0.5
KDE Frameworks Version: 6.3.0
Qt Version: 6.7.1
Kernel Version: 6.9.4-200.fc40.x86_64 (64-bit)
Graphics Platform: Wayland
Processors: 16 × AMD Ryzen 7 7800X3D 8-Core Processor
Memory: 31.1 GiB of RAM
Graphics Processor: AMD Radeon RX 7900 XTX
Manufacturer: ASUS
Additional information
No response
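A defensive workaround for what this issue and the comments describe (the symlinks Wine's desktop integration leaves in the prefix's user profile pointing at the host Documents and Desktop folders, and the suggestion to remove them after prefix creation), as an added example that is not Heroic's or Wine's code: a POSIX shell script that finds every symlink under the prefix's user profile that resolves outside the prefix and replaces it with an empty real directory, the layout the comments report for Steam's prefixes. The prefix path and the script name are assumptions.

```shell
#!/bin/sh
# Added example, not Heroic's or Wine's code: replace the desktop-integration
# symlinks Wine creates in a prefix's user profile (Documents, Desktop, ...)
# with empty real directories, so a game confined to the prefix cannot reach
# the real home folder through them. Assumes the usual layout
# <prefix>/drive_c/users/<name>/; the prefix path given is an assumption.

# Print every symlink under drive_c/users/*/ whose target lies outside the prefix.
list_escaping_links() {
    prefix=$(readlink -f "$1") || return 1
    for users_dir in "$prefix"/drive_c/users/*/; do
        [ -d "$users_dir" ] || continue
        for entry in "$users_dir"*; do
            [ -L "$entry" ] || continue
            target=$(readlink -f "$entry") || continue
            case "$target" in
                "$prefix"/*) ;;                 # stays inside the prefix: keep it
                *) printf '%s\n' "$entry" ;;    # escapes the prefix: report it
            esac
        done
    done
}

# Replace each escaping symlink with an empty directory of the same name
# (the layout Steam's prefixes have). Prints the number of links replaced.
desymlink_prefix() {
    links=$(list_escaping_links "$1") || return 1
    count=0
    [ -n "$links" ] || { echo 0; return 0; }
    while IFS= read -r link; do
        # rm removes only the link; the real folder it pointed at is untouched
        rm "$link" && mkdir "$link" && count=$((count + 1))
    done <<EOF
$links
EOF
    echo "$count"
}

# Usage (hypothetical prefix path): ./desymlink_prefix.sh ~/Games/Heroic/Prefixes/default
if [ -n "${1:-}" ]; then
    printf 'replaced %s escaping symlink(s) in %s\n' "$(desymlink_prefix "$1")" "$1"
fi
```

Run it once per existing prefix; newly created prefixes need it again, since Wine recreates the links when it sets up the profile.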