Wanted: small C program to drop all capabilities but cap_sys_ptrace
Alexandre Julliard
julliard at winehq.org
Wed Sep 29 09:12:39 CDT 2010
Scott Ritchie <scott at open-vote.org> writes:
> Ubuntu 10.10 is coming out soon, and its new kernel settings prevent
> Wine apps from looking at each others' memory. This breaks World of
> Warcraft, among other things. See:
> http://bugs.winehq.org/show_bug.cgi?id=24193
>
> What's needed is a very small shim for Wine that can be setuid 0, but
> then release all capabilities except what Wine actually needs -- what a
> normal user has, and cap_sys_ptrace.
I don't think that's a good idea. CAP_SYS_PTRACE allows access to any
process, so it's a lot more dangerous than the standard ptrace checks
that Ubuntu decided to break. Going back to the default behavior is
probably safer than making Wine setuid...
--
Alexandre Julliard
julliard at winehq.org
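
An audit check that follows from the concern above, as an added example (not part of the original message and not Wine code): it parses the CapPrm and CapEff masks from the text of /proc/<pid>/status and reports whether the process holds CAP_SYS_PTRACE (bit 19). The two status samples and the process name wine-shim are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_SYS_PTRACE_BIT 19 /* numeric value of CAP_SYS_PTRACE in <linux/capability.h> */

/* Constructed samples shaped like /proc/<pid>/status; "wine-shim" is hypothetical. */
static const char SAMPLE_PLAIN[] =
    "Name:\twine-preloader\nUid:\t1000\t1000\t1000\t1000\n"
    "CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n";
static const char SAMPLE_SHIM[] =
    "Name:\twine-shim\nUid:\t1000\t1000\t1000\t1000\n"
    "CapPrm:\t0000000000080000\nCapEff:\t0000000000080000\n";

/* Find "<field>:" at the start of a line and parse its hexadecimal mask.
 * Returns 0 on success, -1 if the field is missing or has no hex digits. */
static int read_cap_mask(const char *status, const char *field, uint64_t *out)
{
    size_t flen = strlen(field);
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, field, flen) == 0 && p[flen] == ':') {
            char *end;
            const char *v = p + flen + 1;
            *out = strtoull(v, &end, 16);
            return end == v ? -1 : 0;
        }
        p = strchr(p, '\n');   /* advance to the next line */
        if (p) p++;
    }
    return -1;
}

/* 1 if CAP_SYS_PTRACE is in the permitted or effective set, 0 if not, -1 on parse error. */
int holds_sys_ptrace(const char *status)
{
    uint64_t eff, prm;
    if (read_cap_mask(status, "CapEff", &eff) || read_cap_mask(status, "CapPrm", &prm))
        return -1;
    return (int)(((eff | prm) >> CAP_SYS_PTRACE_BIT) & 1);
}

int main(void)
{
    printf("plain user process: %d\n", holds_sys_ptrace(SAMPLE_PLAIN));
    printf("shim-launched process: %d\n", holds_sys_ptrace(SAMPLE_SHIM));
    return 0;
}
```

The permitted set is checked as well as the effective set because a process can raise a permitted capability into its effective set at any time.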