Another virus-in-wine story
Dan Kegel
dank at kegel.com
Sun Oct 25 04:27:33 CDT 2009
On Sat, Oct 24, 2009 at 10:47 PM, Nicholas LaRoche <nlaroche at vt.edu> wrote:
> A few months ago there was a topic in wine-devel on the same subject. A
> toggle switch for portions of the wine API (i.e. networking), WINEPREFIX,
> and SELinux seems to make this a non-issue.
>
> The default wine SELinux configuration for Fedora 11 denies quite a bit of
> behavior. (Try compiling and using HEAD without setting the security context
> or entering permissive mode and you'll see what I mean).
>
> Does this even need to be handled at the wine level to prevent system-wide
> corruption? It seems like other security technologies already provide this
> protection.
We may want to lend a hand. For instance, I could imagine
the system needing some help to figure out how to allow
certain windows apps access to the network, and deny it
to others. And I think sandboxing a la chromium might end
up being a useful technique that would require some work on
wine's part to work well.
- Dan
More information about the wine-devel
mailing list