Steam pulls game demo infecting Windows with info-stealing malware (www.bleepingcomputer.com)
from cm0002@lemmy.world to cybersecurity@infosec.pub on 22 Mar 03:30
https://lemmy.world/post/27189519

#cybersecurity


tal@lemmy.today on 22 Mar 03:57

The larger issue is that anyone who controls a Steam developer account has the right to install unsandboxed software on the computer of any user who owns a game from that developer.

And you have to remember that the party in control of the account doesn’t even need to be the people who originally developed the thing. Publishers go under and get purchased all the time. It’d also be possible to compromise the build systems of a publisher.

This one apparently was caught by users after acting in a particularly incautious fashion. But it’d be pretty easy to have code that doesn’t do that. An example would be putting, say, an intentional buffer overflow in a game that phones home. That’s pretty hard to catch, and deniable if it is caught and all you find is the buffer overflow. Then the game reports enough information — like, say, the configured full name of the user on the computer, which I’m sure plenty of games send today — to indicate whether a user is a desirable target; the remote server would also have the IP. If they are, an exploiting payload gets pushed over. Not easy to pick up on something like that in a trivial way.

There hasn’t been a “big disaster” yet, or at least not one we know about, but I don’t think that there’s going to be a real fix other than having Steam switch to having games run in some form of isolated sandbox.
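The "deniable buffer overflow in the phone-home path" that tal describes, shown as an added example that is not from the article, the thread, or any real Steam or game code. Everything here is hypothetical: the wire format (a 2-byte big-endian length followed by that many message bytes), the `reply_frame` struct, and the function names. The server reply is constructed inline and sized so that the vulnerable handler's overwrite lands in a canary field inside the struct, where it can be observed rather than crashing the process. The hardened handler beside it is the one-line bound check that makes the same reply get rejected.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical in-game buffer for a "phone-home" reply: 32 bytes of
 * message text, then a canary used only to make an overwrite visible.
 * The padding after it absorbs the demo overflow so the write stays
 * inside this struct and never reaches the real stack frame. */
struct reply_frame {
    char     text[32];
    uint32_t canary;
    uint8_t  spill[64];
};

#define CANARY 0xCAFEBABEu

/* Assumed wire format: u16 big-endian length, then `length` bytes. */
static size_t wire_len(const uint8_t *msg)
{
    return ((size_t)msg[0] << 8) | msg[1];
}

/* "Deniable" bug: the server-supplied length is only checked against the
 * bytes on the wire, never against the destination size, so whoever
 * controls the reply controls how far past text[] the copy runs.
 * Returns the number of bytes copied, or -1 on a malformed frame. */
int handle_reply_vuln(struct reply_frame *f, const uint8_t *msg, size_t msglen)
{
    if (msglen < 2) return -1;
    size_t len = wire_len(msg);
    if (len > msglen - 2) return -1;   /* looks like validation, but isn't enough */
    /* Written through the struct pointer so the demo overflow is well-defined C. */
    memcpy((uint8_t *)f + offsetof(struct reply_frame, text), msg + 2, len);
    return (int)len;
}

/* Hardened version: the destination bound is checked as well, and an
 * oversized reply is rejected outright instead of being truncated. */
int handle_reply_safe(struct reply_frame *f, const uint8_t *msg, size_t msglen)
{
    if (msglen < 2) return -1;
    size_t len = wire_len(msg);
    if (len > msglen - 2 || len > sizeof f->text) return -1;
    memcpy(f->text, msg + 2, len);
    return (int)len;
}

/* Constructed server reply of `len` filler bytes ('A'); returns frame size. */
static size_t build_reply(uint8_t *out, size_t len)
{
    out[0] = (uint8_t)(len >> 8);
    out[1] = (uint8_t)len;
    memset(out + 2, 'A', len);
    return len + 2;
}

/* 1 if a 40-byte reply overwrote the canary through the vulnerable handler. */
int demo_vuln_clobbers_canary(void)
{
    struct reply_frame f = { .canary = CANARY };
    uint8_t msg[2 + 40];
    size_t n = build_reply(msg, 40);
    return handle_reply_vuln(&f, msg, n) == 40 && f.canary != CANARY;
}

/* 1 if the hardened handler rejects the same reply and the canary survives. */
int demo_safe_rejects(void)
{
    struct reply_frame f = { .canary = CANARY };
    uint8_t msg[2 + 40];
    size_t n = build_reply(msg, 40);
    return handle_reply_safe(&f, msg, n) == -1 && f.canary == CANARY;
}

/* 1 if the hardened handler still accepts a reply that fits in text[]. */
int demo_safe_accepts_normal(void)
{
    struct reply_frame f = { .canary = CANARY };
    uint8_t msg[2 + 16];
    size_t n = build_reply(msg, 16);
    return handle_reply_safe(&f, msg, n) == 16
        && memcmp(f.text, "AAAAAAAAAAAAAAAA", 16) == 0
        && f.canary == CANARY;
}

int main(void)
{
    printf("vulnerable handler clobbers canary: %d\n", demo_vuln_clobbers_canary());
    printf("hardened handler rejects reply:     %d\n", demo_safe_rejects());
    printf("hardened handler accepts normal:    %d\n", demo_safe_accepts_normal());
    return 0;
}
```

The point of the vulnerable handler is that it does contain a check, just not the one that matters: a reviewer skimming it sees the length compared against the message size and moves on. That is what makes the bug plausible as an accident if it is ever found, and it is why the defensive check has to be stated in terms of the destination buffer, not the input.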