-
Notifications
You must be signed in to change notification settings - Fork 173
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Steam prompts Network Manager without admin permissions #7856
Comments
I can confirm both issues:
Possible workarounds:
The really bad thing here, that you cannot do anything else, use any other application while the permission dialog is up.
|
Want to highlight: unlike @nhnb it doesn't lock up my system, nor does it prevent me from doing anything else, it just sticks around annoyingly. [Closing repeatedly also didn't work for me, but maybe I didn't close it enough times.] Also, an addendum: I use Unity rather than Gnome (when Ubuntu made the swap I stuck to what I was used to), in case that ends up mattering. I don't believe my machine has anything else relevantly distinct from a standard Ubuntu install. |
I've seen this on OpenSUSE Leap 15.2 since the recent Steam update and it persisted after upgrading the OS to 15.3. I've worked around it by writing the following to
I suspect it wouldn't happen if the connection didn't have the "All users may connect to this network" flag set but I didn't try changing that. Again, I shouldn't have to. |
I'm also seeing this since the update before the update that takes you to runtime 0.20210518.3 (June 8th 2021). I can also confirm the steam client specifically trips the polkit rule for For some distribution set-ups (such as default Ubuntu 20.10) this blocks the desktop environment. I can also confirm that if you click "cancel" a sufficiently large number of times (order of 50 or so), the message eventually goes away and the client runs normally --- suggesting it really doesn't need the privileges it is requesting. I would like to reiterate the concerns of others:
Please please revert to the normal behaviour or at least provide a justified reason for the new behaviour together with a better workaround than clicking cancel 50 times. I do not wish to give sudo access to users on my system just so that they can run Steam games, nor do I wish to unnecessarily modify polkit default policies. |
I just wanted to share something I noticed monitoring the dbus communication: What steam is doing (and is triggering the "modification of network settings for all users") is a call to |
Well that's concerning... |
I can confirm this steam behavior on Ubuntu 20.04.2 LTS |
I'm also affected on Debian 10. I worked around it with a file at
Change the
|
@joaormatos does this allow or reject the request from steam? If this rejects, you are my hero. |
Yes, it rejects the request without prompting. But it's rejecting all requests from the specified user, not just Steam. There's probably a better way to do this by more thoroughly isolating Steam from the rest of the system. |
Well, ideally Valve puts a setting in somewhere for whatever it is they think they need this access for. But I'll take what I can get. |
So this bug still exists. Why does this page even exist if it is being ignored? Or is there any word from Valve somewhere else about this serious security issue? |
@kisak-valve - as you are apparently monitoring this, you can please specify why steam needs to modify network settings? |
Looking at https://github.com/flathub/com.valvesoftware.Steam/blob/9f376cf5adf73d5d1777c55d0283ea48567b3e4b/com.valvesoftware.Steam.yml#L23 this may be some stray SteamOS functionality leaking through. I can confirm that on NixOS, the flatpak version (as well as regular version) of Steam also shows this behavior. I can also confirm that with the flatpak version, you can selectively block dbus access from steam to networkmanager, by running
without compromising other dbus-based functionality. When asking around, I have learned that on fedora no admin popup has been observed (probably due to more relaxed security), which would explain the lack of larger interest on this ticket. This whole debacle suggests to me that it would be prudent to increase and tighten the sandboxing for steam and other proprietary software across all distribution mechanisms. |
This is related to a startup slowdown in case of missing NM #4979 Flatpak actually enabled NM access to work around flathub/com.valvesoftware.Steam@b56d7b7 @kisak-valve please help us get this fixed properly, EDIT: Everybody, please excuse the previously strong wording. That was written in the heat of the moment. |
This is annoyingly still occurring on a fresh Steam + Debian install I set up for my son. |
Another workaround for experienced users: if you use NetworkManager with iwd backend then you can simply remove wifi password from NM config and it should still work as iwd can connect with only pre-shared key. This way you don;t have to block dbus access and shouldn't get the aforementioned startup delay. |
I stumbled upon this problem recently on OpenSUSE Tumbleweed and it was very annoying. However there are two simple workarounds: a temporary one and a permanent one (i.e. a possible solution) with security implications that are not entirely clear to me: Method 1: Start Steam with Wifi disabled, then enable it afterwards. It will not ask for admin rights anymore for that session (but it will next time). Method 2: In KDE Plasma 5, in the NetworkManager GUI (System Settings > Network > Connections), Disable "All users may connect to this network" for your Wifi connection, and add your own user to the allowlist in Advanced. Steam will not ask for admin rights anymore. |
This seems to have gotten worse with the latest Steam client update. Now it's asking me periodically (at random, it feels) when Steam is running. |
Encountering this issue on current OpenSuSE Tumbleweed. I tried to resume from suspend after my wifi went out during a storm (knocked down some power lines) and steam began continuously asking for password. I couldn't get it to stop, so I had to switch to a tty and reboot. I don't have any nonstandard wifi configuration, so simply put: how is this still an issue? It's been almost a year with multiple confirmations and suggested workarounds, but this is clearly an issue with the steam client's own code. With all the work put into proton and Vulcan, how are we messing up the little things? Edit: I now see that there are 2000 open issues. I retract my statement. |
Still have this issue. With the latest update Steam even couldn't connect to the network even though my network was fine. |
Yeah, I'm having this problem on Ubuntu 20.04 after an update today. Even if I enter my password for sudo it just keeps popping up. I can't do anything unless I hit cancel a lot. Update: I was having a problem with sudo in any GUI dialog, which I fixed with |
Happening on lubuntu 22.04 LTS fresh install. Can't let anyone else play on it without me being around to enter password.. |
Yeah, this is the critical problem. Steam is on the computer connected to my TV so that the kids can play games. No way am I giving them sudo access! |
Don't forget the workaround I mentioned. It's still working here. |
+1 for wanting an answer of why Steam is doing this. I also assume misunderstanding/bug/incompetence over malice, but being not open source means we rely on trusting Valve about their software, and they wouldn't be the first company to snoop on wifi passwords and later go, "oh no! I'm sure we didn't mean to do that, it was... a mistake" I'm very much in favour of this being fixed correctly -- which I, in my limited wisdom presume means either Steam not doing this, or having a very clearly documented reason -- not by smoothing it over for convenience (say by bypassing the policykit restriction willy-nilly by default) |
They seem to be iterating over the saved WiFi connections. If even one is set to be usable from all users, the dialog is triggered (as all users settings can't be modified without root credentials). Removing all "all users" ticks will skip the dialog. I guess this comes from SteamOS, where they need to manage its connections. |
Okay. If using flatpak, please ensure that you have that dbus access allowed for testing Valve change. |
After removing the polkit rule and updating steam, it no longer asks me for Superuser access upon starting the steam client. So it appears to work for me at least. |
Ive changed it on a different device, and unfortunately the issue persist on that one. It does not appear to have been resolved entirely yet. |
Update to beta version had not resolved this issue for me. |
Ubuntu did release a "snap" with steam, in beta preview. In that "snap", the problem is not present anymore. |
shouldn't this be labeled a bug / security issue? harvesting network secrets seems pretty fucking shady. |
I cannot believe it is still here in 2023. |
Using flatpak repackage of Steam does not exhibit this issue FWIW. |
I got same error on opera too(I swithced wired network after issue btw) I think it is not about steam It is about something in freedesktop api or gnomes itself. When you connect to the wifi in any account other accounts get this error. Just connect wifi in that account and issue will be resolved. |
Adding the user to the netdev group seems to have worked for me on Ubuntu 22.04 |
@kxmas be aware that doing so grants steam the (inappropriate) access to your Wi-Fi secrets, and widens your attack surface as it allows anything you run direct access to your network stack, for example capturing packets between daemons running locally. |
Only because it no longer needs to ask permission for access to network secrets and passphrases. |
Works for me on current Tumbleweed! |
@tvogel thanks for that, I'll have to give it another go, myself. It's a fast-moving distro, as we both know :P |
Issue confirmed on Debian 10.7 |
There is a workaround here: Looks like Valve wants to open "server" ports on clients. |
easy work around i found that does not break anything inside steam: |
And what is that command actually doing? |
steam installer deb should make this modification. Why there is nobody assigned to fix this? |
it starts steam without dbus access, but at least for me doesn't allow me to sign in. It's especially weird considering steam didn't do that until today for me. I mean the prompting for modifying a system connection |
The only workaround that worked for me was the dbus variable. Fixes the issue completely and it's still working as intended. |
Also occurs on Debian 12 with Gnome and a non-admin user. Multiple popups that will not go away whether a password is provided or not. Disabling DBUS for Steam via envvar appears to be a workaround, and this appears to be the best way to do that. Come on, Valve! Folks who this occurs to, please subscribe to and put a +1 on this issue.So far we have these distros:
and these WMs:
I think the problem has been sufficiently described... |
Also occurs on KDE on Debian 12 |
This is not a distro or desktop environment specific issue. Anyone who has dbus and a network management tool (perhaps just NetworkManager) that listens on it is at risk. Polkit just makes the violation of expectations (and data privacy) obvious. |
I can confirm that this workaround seems to work on an up to date OpenSUSE tumbleweek |
Recently, I was getting the authentication prompt not just at Steam startup but periodically when running games. After implementing the disabling DBUS workaround, both instances have gone away. |
I have also coming the same issue on ubuntu 22 version twice once i had triple boot then i deleted the kali then it resolved but agian it show to me after booting my system, idk what should i do? |
Your system information
Please describe your issue in as much detail as possible:
Whenever I start Steam on my non-admin account, I get a prompt from NetworkManager to change global network settings [which I can't, because I don't have permission]. This prompt cannot be removed so long as Steam is open - closing the window or killing the process just reopens another prompt. Closing the window continues to make a new prompt even after Steam is closed. [Exiting Steam, then killing the process does remove the prompt though.]
Steam then boots up and runs games seemingly just fine. I think there are then issues with cloudsaves, but am not easily able to confirm that. [I tried a fresh reinstall to see if it resolved the issue, but (a) it did not and (b) that caused other problems that I would need to resolve first.]
This is new since something like Monday or Tuesday, so presumably an update (but IDK if it's Steam or Ubuntu). [Also, it's not just me; see also this recent post: https://steamcommunity.com/app/221410/discussions/0/3106901665845459558/]
Steps for reproducing this issue:
Boot Steam on Ubuntu 20.04 on non-admin account [if there are more conditions, I don't know them]
The text was updated successfully, but these errors were encountered: