Document SDL's policy on setuid/setgid executables

Stated briefly, the policy is: don't.

Resolves: https://github.com/libsdl-org/SDL/issues/14717
Signed-off-by: Simon McVittie <smcv@debian.org>
Simon McVittie
2025-12-28 17:51:38 +00:00
committed by Sam Lantinga
parent 1fee2a9ae0
commit 76352f2931
4 changed files with 19 additions and 0 deletions

@@ -4,3 +4,4 @@ SDL is fully supported on BSD platforms, and is built using [CMake](README-cmake
If you want to run on the console, you can take a look at [KMSDRM support on BSD](README-kmsbsd.md) If you want to run on the console, you can take a look at [KMSDRM support on BSD](README-kmsbsd.md)
SDL is [not designed to be used in setuid or setgid executables](README-platforms.md#setuid).
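
Review bot: the link text in the added line names only "setuid or setgid executables", while the section it points to is headed "Privileged processes (setuid, setgid, setcap)" and also covers executables with file-based capabilities. Someone shipping a `setcap` binary could read this one-liner as not applying to them. Suggest wording the link as "not designed to be used in setuid, setgid or otherwise privileged executables", here and in the other two READMEs that carry the same sentence.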

@@ -8,6 +8,7 @@ system does not have the XRandR libraries installed, it will be disabled
at runtime, and you won't get a missing library error, at least with the at runtime, and you won't get a missing library error, at least with the
default configuration parameters. default configuration parameters.
SDL is [not designed to be used in setuid or setgid executables](README-platforms.md#setuid).
Build Dependencies Build Dependencies
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
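
Review bot: the hunk header (-8,6 +8,7) shows exactly one added line, so the new sentence brings no blank line of its own, and it lands between "default configuration parameters." and the setext heading "Build Dependencies". Please confirm that the file has a blank line on both sides of it: in CommonMark a text line directly above a setext underline block is parsed as part of the heading, and a line directly below the previous paragraph is folded into that paragraph about XRandR. The macOS hunk adds two lines (-73,6 +73,8) for the same sentence, so doing the same here would keep the files consistent.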

@@ -73,6 +73,8 @@ NSApplicationDelegate implementation:
} }
``` ```
SDL is [not designed to be used in setuid or setgid executables](README-platforms.md#setuid).
# Using the Simple DirectMedia Layer with a traditional Makefile # Using the Simple DirectMedia Layer with a traditional Makefile
An existing build system for your SDL app has good chances to work almost An existing build system for your SDL app has good chances to work almost
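
Review bot: placement, at the added line after the closing code fence: the sentence becomes the tail of the NSApplicationDelegate section, directly above "# Using the Simple DirectMedia Layer with a traditional Makefile", where it reads as a remark about the delegate example rather than a note that applies to the whole platform. Suggest moving it to the introductory part of the file or giving it a short heading of its own, so the security note is found by readers who do not reach the end of that section.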

@@ -45,3 +45,18 @@ All of these still work with [SDL2](/SDL2), which is an incompatible API, but an
- OS/2 - OS/2
- WinPhone - WinPhone
- WinRT/UWP - WinRT/UWP
## General notes for Unix platforms
Some aspects of SDL functionality are common to all Unix-based platforms.
### <a name=setuid></a>Privileged processes (setuid, setgid, setcap)
SDL is not designed to be used in programs with elevated privileges,
such as setuid (`chmod u+s`) or setgid (`chmod g+s`) executables,
or executables with file-based capabilities
(`setcap cap_sys_nice+ep` or similar).
It does not make any attempt to avoid trusting environment variables
or other aspects of the inherited execution environment.
Programs running with elevated privileges in an attacker-controlled
execution environment should not call SDL functions.
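
Review bot: the closing sentence limits the advice to programs "in an attacker-controlled execution environment", which a reader can take as an exemption, although for a setuid, setgid or setcap executable the invoking user supplies the environment variables and the rest of the inherited state by default. Suggest saying so explicitly, for example that any such executable that can be started by a less-privileged user is in this situation, and adding one sentence on what to do instead (keep the privileged work in a separate process that does not call SDL). A smaller style point on the heading line: `<a name=setuid>` uses an unquoted attribute; `<a name="setuid">` is safer across Markdown renderers, and since three other files now link to `#setuid`, the anchor is worth checking in each place these READMEs are rendered.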