I installed Steam via the repo, whose client comes from some Github page. Now, I installed a non-Steam program to Steam, and when I browsed toward the game directory, the pulldown menus showed the content of directories that only SuperUsers should have access to, not even myself with my current login.
I am the SU of the system, but I wasn’t at the time that I started Steam, and naturally, I never run any game with root credentials.
I contacted Steam about it, and they told me that the Linux Steam client comes from some Github.
Another issue, perhaps related isue, is that Steam persistantly ignores the ‘disable cloud’ setting, and that it is extremely slow when logging in and starting games. Furthermore, at random moments, some Steam updater kicks in, proving that Steam runs things in the background.
So yeah, I am growing ever more wary of Steam, really.
And you can check further the validity of the package …
I have seen that before, and turned out that actually was 100% false positive. Unless you also provide the ways you arrived to your conclusion …
You can have custom location for your games. Without access to see those locations you could not set them up, but that does not mean that it can write on all of those locations. I really recommend this reading:
The only directories a normal user can’t see inside would be /root (the root users home directory) and other users home folder. And maybe a couple of subfolders inside /etc/. The rest is viewable by regular users just not writable.
Also, i would refrain from concluding of a malware presence because the software give you “access to repositories you shouldn’t have access to”. In order to last the longer possible, malware shall rather make their intrusion unnoticed for the longest time possible, thus avoiding giving itself away this obviously; unless it is a damaging type malware, in which case it acts from the get go to wreck your system.
They were the content of some mount points that I made in /mnt, and which have the credentials root:root 700. Even I myself get to see a little ‘x’ mark on those directory icons, and when I try to open them, Linux won’t do it.
The reason that I suspect malware is because it seems that Steam runs a program, next to the client, and that this alternative program has root permissions.
Atm, it is the only hypothesis that I have.
And it is not any program that can access those directories, including bash and nemo.