Home Explore Help
Sign In
sdl
/
SDL
mirror of https://github.com/libsdl-org/SDL.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Document SDL's policy on setuid/setgid executables

Stated briefly, the policy is: don't.

Resolves: https://github.com/libsdl-org/SDL/issues/14717
Signed-off-by: Simon McVittie <[email protected]>
Simon McVittie 1 month ago
parent
1fee2a9ae0
commit
76352f2931
4 changed files with 19 additions and 0 deletions
Split View Show Diff Stats
  1. 1 0
      docs/README-bsd.md
  2. 1 0
      docs/README-linux.md
  3. 2 0
      docs/README-macos.md
  4. 15 0
      docs/README-platforms.md

+ 1 - 0
docs/README-bsd.md
View File 

@@ -4,3 +4,4 @@ SDL is fully supported on BSD platforms, and is built using [CMake](README-cmake
 
 
 If you want to run on the console, you can take a look at [KMSDRM support on BSD](README-kmsbsd.md)
 
 
+SDL is [not designed to be used in setuid or setgid executables](README-platforms.md#setuid).

+ 1 - 0
docs/README-linux.md
View File 

@@ -8,6 +8,7 @@ system does not have the XRandR libraries installed, it will be disabled
 
 at runtime, and you won't get a missing library error, at least with the
 
 default configuration parameters.
 
 
+SDL is [not designed to be used in setuid or setgid executables](README-platforms.md#setuid).
 
 
 Build Dependencies
 
 --------------------------------------------------------------------------------

+ 2 - 0
docs/README-macos.md
View File 

@@ -73,6 +73,8 @@ NSApplicationDelegate implementation:
 
 }
 
 ```
 
 
+SDL is [not designed to be used in setuid or setgid executables](README-platforms.md#setuid).
 
+
 
 # Using the Simple DirectMedia Layer with a traditional Makefile
 
 
 An existing build system for your SDL app has good chances to work almost

+ 15 - 0
docs/README-platforms.md
View File 

@@ -45,3 +45,18 @@ All of these still work with [SDL2](/SDL2), which is an incompatible API, but an
 
 - OS/2
 
 - WinPhone
 
 - WinRT/UWP
 
+
 
+## General notes for Unix platforms
 
+
 
+Some aspects of SDL functionality are common to all Unix-based platforms.
 
+
 
+### <a name=setuid></a>Privileged processes (setuid, setgid, setcap)
 
+
 
+SDL is not designed to be used in programs with elevated privileges,
 
+such as setuid (`chmod u+s`) or setgid (`chmod g+s`) executables,
 
+or executables with file-based capabilities
 
+(`setcap cap_sys_nice+ep` or similar).
 
+It does not make any attempt to avoid trusting environment variables
 
+or other aspects of the inherited execution environment.
 
+Programs running with elevated privileges in an attacker-controlled
 
+execution environment should not call SDL functions.