Another article that makes me want Wine to run in a sandbox

Dan Kegel dank at kegel.com
Sun Nov 8 09:18:45 CST 2009


On Sun, Nov 8, 2009 at 3:25 AM, Ben Klein <shacklein at gmail.com> wrote:
> I believe the type of sandboxing being discussed includes things like
> preventing Win32 apps from breaking out into native calls using the
> infamous interrupt trick. Correct me if I'm wrong though :)

No, I was thinking of native sandboxing, so even if they did
manage to make native calls, they couldn't do any harm.
Running as another uid is a fine example of a native sandboxing
technique.  (So, on a single user system, you could have a
uid dedicated to running sandboxed apps, and it would be
unable to affect the regular user's data.)  This would
only be useful for apps that don't need to load or save user data
(probably), for example, for casual games.



More information about the wine-devel mailing list