Another article that makes me want Wine to run in a sandbox
Ben Klein
shacklein at gmail.com
Sun Nov 8 05:25:53 CST 2009
2009/11/8 David Gerard <dgerard at gmail.com>:
> You'd get good sandboxing running Wine apps as another user. Main
> problem then is integration with the user's desktop. Doable, but a
> nuisance.
Not really. A separate Wine user wouldn't prevent people from running
Wine as root incorrectly, and if you integrate it with the normal
user's home directory, it's no longer sandboxed (or at least, no more
than separated wineprefixes).
I believe the type of sandboxing being discussed includes things like
preventing Win32 apps from breaking out into native calls using the
infamous interrupt trick. Correct me if I'm wrong though :)
More information about the wine-devel
mailing list