
Without a sandbox you're still at the mercy of every game you install. Even on Linux every game you install could upload the contents of your .ssh folder, your .mail folder, or ~/Pictures or whatever's in your user folders.

And, even if it doesn't do so itself, if the game does any networking, then if there are any bugs in the networking code someone can use that as a way into your system.

Here's hoping Steam can build a sandbox.

Note: This is also the problem with systems like the old PC/Mac/Linux Boxee. How do I know the apps I'm one click installing can't read my whole HD? I don't :-(

Apple's App Store, Windows 8's app store, iOS's app store, Android's App store, and Chrome's App store all try to solve this problem. AFAICT Steam does not.




I'm not sure why this is especially more dangerous than ordinary Linux packages provided by distros, let alone games installed by means other than Steam. A game is an executable, running any executable with your privileges provides access to your home directory. That is ordinary design for a Linux program. What is the home directory for, anyway? Again, it is absolutely normal for ordinary programs including multiplayer games to use the network.

Connect your PCs to the internet through a firewall and don't install Steam on production servers.


The point being: right now distro provided packages are screened and vetted, as are steam games. Moving away from that model has obvious security implications.


This is the fundamental tradeoff between security and usability.

It would be more secure to basically give every application you install its own home folder and keep it restricted to that.

OTOH an image editing program should be able to see images used by other image editors, a file transfer program should be able to use my SSH keys to log me into various servers etc.

The only way around this would be to have some complicated fine grained permissions system that requires apps to know about other apps that might want to access its data.


Linux's Capabilities framework is one such fine grained permission system. That, AppArmor, SELinux, or a similar system could be used to sandbox apps and games.


Yes, but try explaining SELinux to my mother!


The point isn't that SELinux will be used by your mother, but that SELinux or similar will be used by Steam and the Linux distributions to make sandboxing happen automatically behind the scenes.


Yes. Check out LXC (Linux Containers). I can clone a full Linux system, boot it and be at the prompt in well under a second. It can be a read-only root system, with vastly restricted permissions, easily shapeable/QoS-able virtual network interface, resource guarantees (disk I/O, CPU, memory, etc). Works kinda like the OSX-style '.dmg' (distribute a "disk image") notion. I think the future of Linux consumer-oriented software distribution may be something evolving toward this area. IIRC ChromeOS under the hood uses this stuff a bit, haven't taken it apart yet.
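The "own home folder per application" idea raised earlier in the thread and the LXC approach in the comment above both rest on the same kernel primitive: namespaces. The script below is an added example, not part of the thread and not Steam's, LXC's or any distro's code. It assumes a util-linux `unshare` and a kernel that permits unprivileged user namespaces; the function names (`sandbox_run`, `home_visible_in_sandbox`, `interfaces_in_sandbox`) and the fake home directory with a stand-in key file are constructed for the demonstration. It shows the two concrete threats named at the top of the thread being cut off: a game cannot read ~/.ssh because an empty directory is bind-mounted over $HOME inside a private mount namespace, and with `-n` its networking code is unreachable because it lives in a network namespace containing only a downed loopback.

```shell
#!/bin/sh
# Added example (not Steam's, LXC's or any distro's code): a minimal
# per-application sandbox built from the kernel namespaces LXC uses underneath.
# Assumes util-linux `unshare` with unprivileged user namespaces enabled.
#
#   user + mount namespace: an empty scratch directory is bind-mounted over
#     $HOME, so ~/.ssh, ~/.mail and ~/Pictures do not exist for the program
#   net namespace (-n): the program sees only a downed loopback interface,
#     so a bug in its networking code is not reachable from outside
#
# Not covered: /tmp, /proc, other users' files, system-call filtering. Those
# need seccomp, AppArmor/SELinux, or a real container on top of this.

# sandbox_run [-n] CMD [ARGS...]   -> exit status of CMD
sandbox_run() {
    netflag=""
    if [ "$1" = "-n" ]; then netflag="--net"; shift; fi
    box=$(mktemp -d) || return 1
    if unshare --user --map-root-user --mount $netflag sh -c '
            set -e
            box="$1"; home="$2"; shift 2
            # The bind mount exists only in this mount namespace; every other
            # process on the machine still sees the real home directory.
            mount --bind "$box" "$home"
            cd "$home"
            exec "$@"
        ' sh "$box" "$HOME" "$@"
    then status=0; else status=$?; fi
    rm -rf "$box"
    return $status
}

# sandbox_available -> 0 if this kernel/config permits what sandbox_run needs
sandbox_available() {
    unshare --user --map-root-user --mount --net true 2>/dev/null
}

# home_visible_in_sandbox PATH -> 0 if $HOME/PATH is readable from inside the
# sandbox. For ~/.ssh/* a working sandbox must answer non-zero.
home_visible_in_sandbox() {
    sandbox_run sh -c 'test -r "$HOME/$1"' sh "$1"
}

# interfaces_in_sandbox [-n] -> prints the number of network interfaces the
# sandboxed process can see (/proc/net/dev reflects the reader's namespace;
# with -n that is just "lo", so the count is 1)
interfaces_in_sandbox() {
    sandbox_run "$@" sh -c 'grep -c ":" /proc/net/dev'
}

# demo: constructed fake home holding a stand-in "private key" (not a real key)
demo() (
    fake_home=$(mktemp -d)
    mkdir -p "$fake_home/.ssh"
    echo "not-a-real-key" > "$fake_home/.ssh/id_ed25519"
    HOME="$fake_home"; export HOME
    echo "outside the sandbox, the game's uid can read:"; ls -A "$HOME"
    echo "inside the sandbox, the same path holds:";     sandbox_run ls -A "$HOME"
    if home_visible_in_sandbox .ssh/id_ed25519; then
        echo "LEAK: key readable from the sandbox"; exit 1
    fi
    echo "ok: ~/.ssh/id_ed25519 is not visible to the sandboxed process"
    echo "interfaces visible normally: $(interfaces_in_sandbox)"
    echo "interfaces visible with -n:  $(interfaces_in_sandbox -n)"
    rm -rf "$fake_home"
)

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run it as `sh sandbox.sh --demo`, or source it and wrap a real launch as `sandbox_run -n ./game`. The caveat a practitioner should keep in mind is that this only hides the home directory and the network: the process still shares /tmp, the host's /proc and /sys, and the full system-call surface, which is exactly the gap LXC, AppArmor or SELinux policy closes. Save-game and config paths the game legitimately needs would have to be bind-mounted back into the scratch home, which is the per-app permission question the thread is circling.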



