Posted August 17, 2015
immi101: If an attacker can place some malicious code under your user account, your account is already compromised anyway. Having write access to a game won't make that any worse.
eiii: No, placing the code on your system alone is only the first step. An attacker also must manage you to execute that code. If all the programs you execute are installed as system programs which you cannot overwrite as a normal user he has no chance. His code will never be executed. But when an attacker finds a file which you usually execute and which he can overwrite then he has won. And that's where your game binary comes handy, which you have installed as a normal user and which he can overwrite. So the attackers code will be executed when you start your game the next time. .bashrc, .xsession, crontab, autostart-entries from kde/gnome/etc, and probably a few more if you think about it a bit.
and those are a lot more reliable than depending on the user having game xyz installed and launching it.
Your scenario is only a real danger if the attacker has access to user account X and can overwrite file F which is usually executed by user Y. In this case he can extend his privileges to that of the user Y.
But here we have only user X and file F which is only executed by user X.
question is do you really want to miss a game because it has some "badly programmed" parts? You are gonna miss a lot of good ones.
I mean I would still read a good book even if it comes with a shitty cover and a bad binding. ;)