Patchwatcher security improvements

Ambroz Bizjak ambro at b4ever.net
Mon Sep 8 19:29:56 CDT 2008


> Also, it's possible some of your changes won't be needed
> after the refactoring... I plan to run wine-slave as a different
> user anyway...
That doesn't solve much; although it may look clean, it is not secure. The 
user should have a limited amount of resources to work with. Your way, for 
example, it can write the whole master Wine tree. With my patches, the master 
tree is read-only for the user, and it only has its own copy to work with, 
which is never used again.
I plan to further improve things. In particular, killing stalled processes is 
not implemented securely now. As I have already mentioned, additional access 
control is needed to produce a fully solid system. For example, disk access 
should be limited (think about world-writable folders and stuff like 
~/.bashrc), and memory usage should be limited as well (could patchwatcher get 
killed when the patch starts consuming memory?).
Considering the refactoring, I see you are just moving some stuff into its own 
file; I can easily adjust my code.
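As an added illustration of the two measures discussed in this message (a throwaway private copy of the master tree, and a memory cap that hits the patch's build step rather than the watcher), not code from the thread or from patchwatcher; the directory layout, the sample tree and the use of coreutils `timeout` are assumptions:

```shell
#!/bin/sh
# Added example, not from the wine-devel thread or from patchwatcher.
# Assumed layout: MASTER is a read-only master tree; each run works on
# its own throwaway copy and never touches MASTER.

# Constructed sample "master tree" so the script runs stand-alone.
MASTER=$(mktemp -d)
echo 'int main(void) { return 0; }' > "$MASTER/main.c"
chmod -R a-w "$MASTER"          # master stays read-only

# Make a private, writable copy for one run; the original is never written.
make_private_copy() {
    work=$(mktemp -d)
    cp -R "$MASTER/." "$work"
    chmod -R u+w "$work"
    printf '%s\n' "$work"
}

# Run one build step under a virtual-memory cap (KiB) and a wall-clock cap.
# The limits are set in a subshell, so a patch that eats memory is refused
# by the kernel in the child while the caller keeps its own limits intact.
# Prints the child's exit status (124 means timeout, 0 means success).
run_limited() {
    limit_kb=$1; secs=$2; shift 2
    status=0
    ( ulimit -v "$limit_kb"; exec timeout "$secs" "$@" ) >/dev/null 2>&1 \
        || status=$?
    echo "$status"
}

# The caller's memory limit before and after a run must be identical.
caller_limit_unchanged() {
    before=$(ulimit -v)
    run_limited 200000 5 true >/dev/null
    after=$(ulimit -v)
    [ "$before" = "$after" ]
}

# Writing into the private copy must not alter the master tree.
master_untouched() {
    work=$(make_private_copy)
    echo 'patched' >> "$work/main.c"
    rm -rf "$work"
    ! grep -q patched "$MASTER/main.c"
}
```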