ptrace, pokerstars and Ubuntu 10.10
Michael Fox
415fox at gmail.com
Sun Sep 12 05:35:27 CDT 2010
Another possibility I'd like to suggest for fixing this in wine,
though maybe more extreme, is to make wine a setuid program and use
setuid in server/ptrace.c
The reason to do this is that there is certain other functionality
necessary for implementing the windows API that is almost impossible
without setuid. For example the linux program 'ping' needs to be a
setuid program. I can't see how you could ever implement the Microsoft
ICMP API in wine unless wine has setuid.
On Sun, Sep 12, 2010 at 3:24 AM, Michael Fox <415fox at gmail.com> wrote:
> Hi all,
>
> There's a problem running wine under the new Ubuntu 10.10 (Maverick).
> They have enabled kernel security to prevent processes from using
> ptrace. This affects any wine programs which use ptrace which is
> surprisingly common. For example I found this bug because PokerStars
> wouldn't connect to the network.
>
> I have filed this as a bug with Ubuntu, but they might choose not to
> fix it depending on how committed they are to this new security
> measure. It is filed as:
>
> https://bugs.launchpad.net/ubuntu/+source/wine1.2/+bug/636278
>
> There is a simple workaround and it is to add the ptrace capability to
> wineserver using the command:
>
> sudo setcap cap_sys_ptrace=eip /usr/bin/wineserver
>
> I tried to submit this as a bug for wine, but it was closed because
> the maintainer felt there was nothing the wine people could do about
> the way Ubuntu sets their security. I would like to make the following
> suggestions:
>
> 1. Add a winetricks trick to fix wine on Maverick by executing: "sudo
> apt-get install setcap; sudo setcap cap_sys_ptrace=eip
> /usr/bin/wineserver"
>
> 2. Add an error message in wine when ptrace fails with error EPERM.
> This message should suggest the winetrick so the user will find it
> quickly. In my case it took quite a while to figure out exactly what
> was going wrong because there is no more terminal output when ptrace
> fails than when it succeeds.
>
>
>
> --
>
> -
> Michael
>
--
-
Michael
More information about the wine-devel
mailing list