Request for patch removal
Kai Blin
kai.blin at gmail.com
Wed Jan 16 16:17:44 CST 2008
On Wednesday 16 January 2008 20:47:03 Stefan Dösinger wrote:
> Am Mittwoch, 16. Januar 2008 19:57:52 schrieb L. Rahyen:
> > We really need to fix that bug to allow reliable multiuser setups...
>
> Maybe the proper solution is one wineserver running globally, as a special
> user("wine", "root" or whatever), started at system boot.
+1 :)
>
> However, if we do this, we'll have to care for security. We need
> authentication, secure IPC, secure resource handle access, provide security
> updates, etc. Currently, we do not care much about security, and as a
> consequence, we do not give any code of wine any special privileges, so
> Wine is not a security thread(Other than allowing Viruses to run, but that
> is inherent to its functionality).
We can probably do this similar to Windows. IIRC you get a token at log-in
time to identify yourself with. I think running as a special user is
sufficient, I doubt running as root is necessary.
I figure once Wine 1.0 is out, we'll have to provide security updates anyway.
> But dealing with security requires manpower. We have to implement all this,
> audit the code, etc. Wine is already a huge effort, and we're starving of
> manpower. I think the existing manpower is better spent at improving our
> Windows API implementation instead of diving into security hell. Patches
> are welcome though ;-)
+100 ;)
Cheers,
Kai
--
Kai Blin
WorldForge developer http://www.worldforge.org/
Wine developer http://wiki.winehq.org/KaiBlin
Samba team member http://www.samba.org/samba/team/
--
Will code for cotton.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://www.winehq.org/pipermail/wine-devel/attachments/20080116/2110b268/attachment.pgp
More information about the wine-devel
mailing list