[Wine] Re : How to remove read access to / and my $HOME
Tom Evans
tevans.uk at googlemail.com
Mon Apr 21 05:38:01 CDT 2008
On Sun, 2008-04-20 at 15:40 +0200, Ove Kaaven wrote:
> Sylvain Petreolle skrev:
> > Hmm.
> > It means that a program looking specifically for that would be able to reenable it at any moment.
> > 1° Detect Wine,
> > 2° Reenable unixfs unconditionally,
> > 3° Do weird things with lots of unix files (especially if the user runs it as root)
>
> Why does that worry you? For anything Wine-aware, there's a far simpler
> way to get unlimited access to your Unix files.
>
> 1) Detect Wine
> 2) Do direct Linux syscalls
> 3) Profit
>
> Wine isn't a sandbox. There's no way you can prevent malicious software
> from accessing $HOME under Wine.
>
> Perhaps in the future it might be possible, if someone wrote some
> security module for Linux that only allowed syscalls from Wine builtin
> dlls and not PE native dlls or something, protected the dlls from being
> modified, and people otherwise tried to make Wine more secure. But for
> the time being, there's no shortage of attack vectors against Wine.
>
> (And yeah, definitely never run Wine as root.)
>
If you are feeling particularly paranoid, you could run FreeBSD instead
of (I assume) Linux, run X in its own jail, run your Wine apps in their
own jail (fiddling DISPLAY and granting access to the X server).
IMHO this is vastly more effort than the potential benefit. You could
probably get as much security as you wish by chroot(8)'ing wine.
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: This is a digitally signed message part
Url : http://www.winehq.org/pipermail/wine-users/attachments/20080421/e0ad2a37/attachment.pgp
More information about the wine-users
mailing list