Services

Dustin Navea speeddymon at yahoo.com
Thu Oct 24 15:10:07 CDT 2002


--- Steve Langasek <vorlon at dodds.net> wrote:
> On Thu, Oct 24, 2002 at 11:19:21AM -0700, Dustin Navea wrote:
> 
> > --- Steve Langasek <vorlon at dodds.net> wrote:
> > > On Thu, Oct 24, 2002 at 08:08:49AM -0700, Dustin Navea wrote:
> 
> > > Just as wine should not be run as root, file i/o in wine should NEVER be
> > > done in a security context other than that of the user running the Windows
> > > app.  Anything that would cause user data files to be written out under a
> > > different uid is broken.
> 
> > That's not what I'm saying, what I'm saying is this:
> 
> Yes, that *is* what you're saying.  Having the file get saved to the Unix
> fs with owner and group wine is most definitely a user data file "[being]
> written out under a different uid."  That is absolutely out of the
> question.  I will never knowingly permit software that works this way
> to be installed on my systems.
> 

Not exactly, because as the fact that wine is the
program saving it, and wine is running under
user/group wine (in the future), it will save it as
user/group wine.

> > So he goes and changes the owner/group to speeddy/speeddy, opens the file in
> > kword, adds a few more lines, and saves it.
> 
> Um, and how exactly is this supposed to happen on a multiuser system?  You
> *cannot* change the ownership of a file without root privileges.

That is what I'm saying, he does:
sudo chown speeddy.speeddy /path/to/filename

> At best, if you have write perms on the directory the file's in and you have
> read access to the file, you can copy the file and delete the original, giving
> you a single copy that's owned by you.  But this is only the least of the
> reasons why Windows apps should not be writing to files as user "wine" to
> begin with.

I knew that much already ;)  But if wine is to run as
a "service" (i.e. load at bootup via an initscript)
and actually be functional as well as user-friendly,
it will have to run in its own account, just like
apache and pgsql do and like I believe named does...

-Dustin
