SDL: Document SDL's policy on setuid/setgid executables

SDL Commits
1 
From 76352f2931e7eca6e596ea290a227314e7248ba7 Mon Sep 17 00:00:00 2001
From: Simon McVittie <[EMAIL REDACTED]>
Date: Sun, 28 Dec 2025 17:51:38 +0000
Subject: [PATCH] Document SDL's policy on setuid/setgid executables

Stated briefly, the policy is: don't.

Resolves: https://github.com/libsdl-org/SDL/issues/14717
Signed-off-by: Simon McVittie <smcv@debian.org>
---
 docs/README-bsd.md       |  1 +
 docs/README-linux.md     |  1 +
 docs/README-macos.md     |  2 ++
 docs/README-platforms.md | 15 +++++++++++++++
 4 files changed, 19 insertions(+)

diff --git a/docs/README-bsd.md b/docs/README-bsd.md
index d823060d6f190..0f94470d18bf7 100644
--- a/docs/README-bsd.md
+++ b/docs/README-bsd.md
@@ -4,3 +4,4 @@ SDL is fully supported on BSD platforms, and is built using [CMake](README-cmake
 
 If you want to run on the console, you can take a look at [KMSDRM support on BSD](README-kmsbsd.md)
 
+SDL is [not designed to be used in setuid or setgid executables](README-platforms.md#setuid).
diff --git a/docs/README-linux.md b/docs/README-linux.md
index eebee1614ff7f..edd7019ed9cbc 100644
--- a/docs/README-linux.md
+++ b/docs/README-linux.md
@@ -8,6 +8,7 @@ system does not have the XRandR libraries installed, it will be disabled
 at runtime, and you won't get a missing library error, at least with the
 default configuration parameters.
 
+SDL is [not designed to be used in setuid or setgid executables](README-platforms.md#setuid).
 
 Build Dependencies
 --------------------------------------------------------------------------------
diff --git a/docs/README-macos.md b/docs/README-macos.md
index e5c75c1c813b2..147174c015e4c 100644
--- a/docs/README-macos.md
+++ b/docs/README-macos.md
@@ -73,6 +73,8 @@ NSApplicationDelegate implementation:
 }

+SDL is not designed to be used in setuid or setgid executables.
+

Using the Simple DirectMedia Layer with a traditional Makefile

An existing build system for your SDL app has good chances to work almost
diff --git a/docs/README-platforms.md b/docs/README-platforms.md
index 1b4d606e50452..fe7a51b179378 100644
— a/docs/README-platforms.md
+++ b/docs/README-platforms.md
@@ -45,3 +45,18 @@ All of these still work with SDL2, which is an incompatible API, but an

  • OS/2
  • WinPhone
  • WinRT/UWP

+## General notes for Unix platforms
+
+Some aspects of SDL functionality are common to all Unix-based platforms.
+
+### Privileged processes (setuid, setgid, setcap)
+
+SDL is not designed to be used in programs with elevated privileges,
+such as setuid (chmod u+s) or setgid (chmod g+s) executables,
+or executables with file-based capabilities
+(setcap cap_sys_nice+ep or similar).
+It does not make any attempt to avoid trusting environment variables
+or other aspects of the inherited execution environment.
+Programs running with elevated privileges in an attacker-controlled
+execution environment should not call SDL functions.