cedws 4 days ago

Does anybody have security concerns about running games with Proton/Wine? Games already have a massive attack surface and I can imagine there are some nasty bugs lurking in the compat layer that would enable RCEs not possible on Windows. This is kind of holding me back from making the jump.

bigyabai 4 days ago

You can trivially sandbox your Steam installation with pretty much zero performance overhead, if you install it through Flatpak. Using an app like Flatseal, you can then configure Steam to only have access to a designated drive with next to no further contact to your PC. You can individually disable access to networking, audio, D-Bus, USB devices, Bluetooth, shared memory and even the GPU itself if you're really freaked out. No command line needed.

That being said, I just run Steam natively on NixOS and have never seen any issues. The biggest RCEs I'm worried about are Ring 0 anticheat nuking my desktop like CrowdStrike.
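A way to check the result of the Flatseal configuration described in the comment above, added here as an example and not part of the thread: Flatseal saves its toggles as a per-app override keyfile (for a per-user install of the Steam Flatpak, `~/.local/share/flatpak/overrides/com.valvesoftware.Steam`), and this script reports which permission classes that file denies, grants, or leaves to the app's own manifest. The sample file contents, the `/mnt/games` path and the function names are constructed for illustration.

```python
import configparser

# Permission classes from the comment -> ([Context] key, value) as named in
# flatpak-metadata(5). In an override file, "!value" denies the permission.
CATEGORIES = {
    "networking": ("shared", "network"),
    "audio": ("sockets", "pulseaudio"),
    "session bus": ("sockets", "session-bus"),
    "system bus": ("sockets", "system-bus"),
    "all devices": ("devices", "all"),
    "GPU": ("devices", "dri"),
    "shared memory": ("devices", "shm"),
    "Bluetooth": ("features", "bluetooth"),
}

# Constructed sample override file, not taken from a real system.
SAMPLE = """\
[Context]
shared=!network;
sockets=!pulseaudio;x11;
devices=!all;dri;
features=!bluetooth;
filesystems=/mnt/games;!home;xdg-download:ro;
"""

def parse_context(text):
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keyfile keys are case-sensitive
    cp.read_string(text)
    ctx = cp["Context"] if cp.has_section("Context") else {}
    return {k: [e for e in v.split(";") if e] for k, v in ctx.items()}

def audit(text, designated):
    """Return (per-class state, filesystem grants outside `designated`)."""
    ctx = parse_context(text)
    report = {}
    for name, (key, value) in CATEGORIES.items():
        entries = ctx.get(key, [])
        # "inherited": the override is silent, so the app's own manifest decides.
        report[name] = ("denied" if "!" + value in entries
                        else "granted" if value in entries else "inherited")
    stray = []
    for entry in ctx.get("filesystems", []):
        path = entry.split(":")[0]  # drop :ro / :rw / :create suffix
        if entry.startswith("!") or path == designated:
            continue
        if not path.startswith(designated.rstrip("/") + "/"):
            stray.append(entry)
    return report, stray
```

Any class reported as "inherited" still has whatever the app's manifest grants by default, so a sandbox meant to be locked down should show an explicit "denied" for each class that matters and an empty list of stray filesystem grants.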

chrneu 4 days ago

> Steam installation with pretty much zero performance overhead, if you install it through Flatpak.

In reality that isn't true. Flatpak Steam runs like poo for a lot of people. Really, Flatpak should be avoided if there are other installation methods, in general.

WD-42 4 days ago

Flatpak works fine for me on Arch. I use it mainly to avoid needing 32-bit libs installed. Once Steam goes 64 I'll go native.

brians 4 days ago

There are. But there are many more such bugs in DirectX on Windows, and it’s a much bigger target. If a national intelligence organization wants to burn a Proton zero-day on my Steam Deck, cool!