Where to report malware?

sudo tree -L 3 -p /mnt

To replicate it:

sudo mkdir -p /testcase/content; sudo chmod 700 /testcase; sudo chown root:root /testcase

Now, open Steam, select Games → “Add a non-Steam game to my library” → Browse

Now you should find that you can browse into the /testcase directory, even though you yourself should not be able to access that directory.

Let me know plz how it went…

sudo mkdir -p /testcase/content
sudo chmod 700 /testcase
sudo tree -L 3 -p /testcase
[drwx------]  /testcase
└── [drwxr-xr-x]  content

Folder is not visible, since it cannot open /testcase :

1 Like

Ah thanks. That is very helpful information. So, apparently, it is not a common issue.

How did you add the screenshot to your reply, and get the code tag to line up nicely btw?

I’ll see if I can drop my screenshots here for you to look into it…

Well… if you run steam with root permissions, then it will find it. :man_shrugging:

Yeah just copy and paste it here (TL0 cannot since spam protection), but please don’t post screenshots of text. Use markdown code blocks for that.

1 Like

Thanks for how-to-reproduce. And I can’t - steam runs as myuser.
Post:

ps aux | grep steam

Use 3 backticks (```) before and after code. And don’t post screenshots of terminal.

1 Like

Content of /mnt:

drwxr-xr-x 5 root root 4096 May  3  2021 g
drwxr-xr-x 7 root root 4096 Apr  1  2021 o
drwx------ 4 root root 4096 Mar 31  2021 x

Posting the screenshot causes some problems. The site gives it the .jpeg extension while the screenshot is .png, and it says:

“An error occured. Sorry, you can’t embed media items in a post”

But the screenshot would show /mnt/x/1 and /mnt/x/2 listed in Steam’s pulldown menu.

TL0 restriction… you need to reach TL1.

That is normal… steam remembers paths. If you change it afterwards it will be still there.

But I set those permissions when I set up my system from the start. So still an enigma of sorts.

Then, perhaps, I did something with a sudo Nemo window when I had steam running.

But yeah, if the issue can’t be reproduced, there may be little point in reporting it indeed. But they may want to be informed about it nevertheless.

Meanwhile, I’ll contact Steam Support and ask them if I can somehow reset that pull-down menu. It’s probably some .json file somewhere in my Steam directory.

In case I don’t get replied anymore or send none, I already thank you guys for looking into it with me.

steam --reset

if you want to clean your Steam installation.

But the problem so far if I understand is that you can see the path of folders you shouldn’t have access to, folders you can’t list their content anyway in the Steam client (or can you list the content of these folders you shouldn’t have access to?)?

That is exactly my worry indeed.

I just shut down Steam, I’m gonna try the reset command now and see if those directories still show up. It’ll take some minutes, but I’ll report back here.

Nope, still no luck. The directories mentioned still show up.

Time to bother Steam Support, I’m afraid…

My question remains unanswered. How do I report malware to the Manjaro team?

No debate please about whether or not it is malware, I just need to know how to contact them.

Kindly,
A.

On the website there is a symbol, bottom left.
It opens a form
with the pretext containing this:

… the only support channel for users is via our Forums. …

So: you actually where at the right place all along :wink:

1 Like

Either this, or if it’s directly related to a package Manjaro maintains, then you can open an issue on Manjaros Gitlab instance for that package.

But you do not mention how you reached that conclusion.

If it is a custom package from AUR - it is unsupported and any use is at your own risk. The disclaimer on the AUR web page is equally valid for Manjaro.

DISCLAIMER: AUR packages are user produced content. Any use of the provided files is at your own risk.

Please educate yourself on AUR by reading the document linked

If it is a package inherited from the Arch repo - you would use the Arch bugtracker or the the relevant mailinglist.

If the package is built by a team member - it is relevant to contact the team - this is done on Manjaro gitlab or the relevant mailing list.

He can’t get rid of remembered directories in Steam pull-down menu or whatever, so he concluded it has to be malware. CVE incoming soon I guess…

You have to understand how permissions works and it is frowned upon to change initial system permissions on system folders as this may have unintended side effects.

The folder x is accessible only by root - but default umask creates folders as 755 - so you have deliberately assigned new permissions - unless of course the listing is all a part of trying to prove malware intent.

/mnt is a designated system temporary mount point - it is not recommended for permanent mounts.

Create a separate structure e.g.

sudo mkdir -p /games/g /games/o /games/x/1 /games/x/2

Then assign yourself as owner

sudo chown $USER:£USER /games -R

Change your fstab or rename and edit your mount units to reflect the new mount points.

That’s it and you have solved your false positive malware report.

That is easy to solve - locate the steam config - and remove the old history from config.

First cd into the steam folder

cd ~/.local/share/Steam/

There is different methods of search
If you know specific content you are looking for e.g. /mnt/x

grep -rl '/mnt/x'

Or you could be searching for configuration files

find . -name "*.vdf"

it seems local library configurations is held in several places with the name locallibrary.vdf - and it is not json - but some other json inspired format Steam Community :: Guide :: Editing .vdf steam controller files

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.