Another virus-in-wine story
Scott Ritchie
scott at open-vote.org
Sun Oct 25 20:14:34 CDT 2009
Stefan Dösinger wrote:
>
> On 25.10.2009 at 10:57, Scott Ritchie wrote:
>> Many apps don't need to view the user folder for documents but also
>> employ programmable scripting engines - a good example is games. It
>> would be much more convenient to pass some sort of "sandbox me, allow
>> network, deny home folder access" switch to Wine than to muck about with
>> stuff like AppArmor profiles.
> The usual reply to this is that Windows apps in Wine can just issue
> Linux system calls, so any Wine-based sandboxing is security by
> obscurity. You need something at the syscall layer.
>
Could Wine ship two binaries, one with an AppArmor profile blocking
syscalls and one without? Then a simple switch could tell Wine which
one to use and that functionality wouldn't need to be duplicated elsewhere.
Thanks,
Scott Ritchie