privacy and security
TimePath edited this page Apr 15, 2016
·
1 revision
Xonitic runs on top of the DarkPlaces Engine. When connecting to a server, the client may download and run QuakeC code for the gameplay. The security policies are:
- QC code can't create any symlinks.
- QC code can read anything below ~/.xonotic// including stuff pointed-to by symlinks (which, as the game can't create any, would have to have been placed by the user). It cannot read user's private key in ~/.xonotic/.d0si.
- QC code can write anything below ~/.xonotic/data including user's config.
- Paths are properly sanitized according to this policy.
- QC code can send arbitrary data back anywhere (by using the "connect" command).
Therefore, do not put any files you don't want to expose under ~/.xonotic
divVerent's answer in the forum