Wine securityflaw.
Francois Gouget
fgouget at free.fr
Sun Oct 27 15:19:53 CST 2002
On Sun, 27 Oct 2002, Peter Andersson wrote:
> What is it with you people?
> I was just trying to make a point about the security risks about using wine
> at present. And you start flameing me?
We're not flaming you. We're just see big flaws with your proposal. We
also proposed alternatives that seem to make more sense to us.
Why don't you study how chroot or jail could be used in combination with
Wine to build a sandbox? As far as I know no-one has tried that and it
is possible that some changes in Wine could make things simpler to set
up. Of course, we won't know until someone actually tries this.
Also, I'm told that jail (available on FreeBSD) is much better than
chroot. chroot only restricts access to files while I believe jail can
also restrict access to other running processes and other system
resources. Unfortunately I don't think a jail-like functionality is
implemented on Linux. If you were to implement this I'm sure countless
people would be grateful.
http://docs.freebsd.org/44doc/papers/jail/jail.html
Finally you could wrap it up by writing scripts that would make it easy
to run Wine in a sandbox, and restore the sandbox to a clean state after
a program has been run.
--
Francois Gouget fgouget at free.fr http://fgouget.free.fr/
Demander si un ordinateur peut penser revient à demander
si un sous-marin peut nager.
More information about the wine-devel
mailing list