Lutris and security

Hello!
I was wondering how safe it is to install and use Lutris. I know the project is open source and everything, but theoretically could not a user/member of the community plant a virus/bitcoin-miner/keylogger/whatever into an installscript?

How is everything maintained when it comes to security?

Please provide a link with more information if you have (I have tried to search around for more information without any luck).

Thank you in advance.

That’s a good question, once thing you can do on any installer is view the script, like this https://lutris.net/games/install/1870/view and see what it does. Published scripts also go through moderation, so if you are using a published installer, at least someone else has looked at the code.

That’s good to know. (That published scripts go through moderation). Then I assume we are pretty safe using Lutris.
I guess I’m just having a hard time believing how easy it has become to install Windows games on Linux nowadays, with just a click of a button and you’re done. I just seems a little too good to be true, but here we are.

One thing though,
If I have a look at a very basic install-script. The one for Fallout: New Vegas for example. There’s literally only 4 lines of code:

game:
appid: 22380
winesteam:
Desktop: true

However, this script was last published 1 week, 1 day ago (counting from todays date). How come simple install-scripts like these gets updated so frequently for such an old game?

probably just someone figured out to improve compatibility by adding the Desktop: true line or removed some DLL hack that’s not required anymore.

this btw kinda ties into a suggestion i just posted (Make changes to a suggested game obvious and/or discussable) which is adding a log of changes so we can actually see earlier versions of installers and game info and why they were changed, both to understand mistakes and to make it easier to spot possible vulnerabilities/bugs that might have been introduced.

That’s a great suggestion, nochip!
Kinda weird when thinking about it that such a feature have not yet been implemented.

AFAIK a virtual WINE desktop is limited to 60 Hz/FPS, at least it does for me. Not the coolest if you have a monitor with more than 60 Hz

So please use this virtual desktop stuff only if it’s needed :slight_smile: e.g. Origin needs a virtual desktop for me to work

Also regarding security, Lutris doesn’t need root to run so that limits the damage it could cause to your system. If you wanted to be even more paranoid, you could make a lutris user and give limited permissions so it couldn’t read your files.

The install scripts are simple because there are a hierarchy of defaults for system options, runner options, game options. This means that if the game works with the defaults, it only needs a few lines. Wine games only need an appid since with the appid, games can be installed and launched.

Great to hear. Guess I’m just a little bit paranoid since I’m coming from Windows :wink:

But for now I have settled with just reading the actual install-scripts, checking the links in each script to make sure there’s nothing fishy going on and then just go with it. I trust the actual Lutris software and repo are safe since it’s open source and have a fairly(?) large community.

that’s definitely not something wine does on purpose. probably more an artifact of v-sync/buffering done by any of: the game (or stuff started by your game, like steam overlay / etc), your graphics driver or your compositor.