looks

For Linux, my off-thr-cuff take is that I’m not that excited about it. It means that if you can launch a Unity game and pass it command-line arguments, then you can cause it to take actions that you want. Okay, but usually the security context of someone who can do that and the game that’s running should probably be the same. If you can launch a game with specified parameters to do something bad, you can probably also just do something bad and cut the game out of the picture.

This is why you have few suid binaries on a Limux system (and should never make something large and complex, like a Unity game, suid) — because then the binary does have a different security context than the launching process.

Now, it’s possible that there are scenarios where yiu couod make this badly exploitable. Say games have chosen to trust command-line arguments from a remote system, and that game has community servers. Like, maybe they have a lobby app that launches a Unity binary with remotely-specified command line arguments. But in that case, I think that the developer is already asking for trouble.

Most games are just not going to be sufficiently hardened to avoid problems if an attacker can pass arbitrary command lines anyway. And as the bug points out, on Linux, you can achieve something similar to this for many binaries via using LD_PRELOAD anyway — you cna use thst route to make fixes for closed-source Linux games.

It’s possible that this is more serious on Android. I donlt know if there’s a way to pass command line parameters there, but part of the Android security model is that apps run in isolation, and so if that’s exploitable by any local app, that could cause that model to break down.