Is there an existing issue for this?

• I have searched the existing issues

Is your issue described in the documentation?

• I have read the documentation

Is your issue present in the nightly release?

• This issue is present in the nightly release

Describe the Bug

All of the do/undo commands run in an elevated context which means it would be possible for those without administrator rights to execute scripts utilizing Sunshine at System level.

Expected Behavior

do/undo commands should execute under the users account, unprivileged like it does for launching applications.

Additional Context

This might be a complicated one to fix, because simply adding a checkbox to run elevated or not will not be an effective solution. The configuration file does not require administrator rights to modify, so as long as the file itself is editable by users this exploit will exist unless we either remove the elevation.

Host Operating System

Windows

Operating System Version

Windows 11

Architecture

32 bit

Sunshine commit or version

0.18.4

Package

Windows - installer

GPU Type

Nvidia

GPU Model

N/A

GPU Driver/Mesa Version

N/A

Capture Method (Linux Only)

N/A

Config

N/A

Apps

No response

Relevant log output

N/A