[Wine] Limiting the execution of Wine to allowed programs
martin at gregorie.org
Wed Jan 11 13:04:24 CST 2012
On Wed, 2012-01-11 at 10:19 -0600, tomsawyer2k5 wrote:
> So what you're saying is that Wine can see beyond the .exe extension
> and run the executable for what it is, not by what it's named by.
> Doesn't that kinda defeat the purpose of having file associations?
Not at all: The use of executable permission bits goes back to the dawn
of UNIX in around 1970, when extension had no real meaning except to the
human users of the system except where it was hard wired into programs
like compilers. The idea of associating a <<data file extension>> with a
the program the user prefers to handle that type of data with appeared
after e-mail readers learnt to decode attachments and is a similar
mechanism, hence referring to the associations list as MIME
> So I guess my next idea is a bust too. I was thinking that I should
> change the extension of the three games to something like ".lxx" and
> then have Wine associated with the .lxx file extension and remove
> Wine's .exe file association. That way when the kids download some
> exe from the internet and try to double-click it, they will be given
> the prompt of which program to run it with. At this point they will
> be confused, since they don't know about Wine, and give up. I guess
> this is a no go then?
Nope - won't work because, as you saw, Linux binary loaders look at
what's in the file (they have to - there is more than one legal binary
format and a different loader for each). FWIW there are other places
where this occurs: some image handling programs do the same and for a
very similar reason, e.g. think different JPEG versions.
Use the access controls to build your unauthorised programs trap -
that's what they are there for.
And, while you're setting that up, you should consider that Windows
programs are mostly designed to be used by just one person sitting in
front of a PC that's dedicated to their use and has an installed copy of
the program. These programs can and do hack about with the registry,
which can cause merry hell, app crashes and data file corruption if more
than one person is trying to use the same program at once via Wine on a
Linux box. IOW, if this can happen, you need to build a mechanism to
prevent simultaneous use of the same program. Linux permits this and is
designed to support it because its always been a multi-user system, just
like UNIX before it. As a result Linux programs are designed to allow
simultaneous use by more than one person and this includes Wine itself.
However, Wine was designed to work on the assumption that every Wine
user has installed their own copy of a Windows app in their own
directory, so it does not prevent simultaneous use of the same Windows
app and never will do so.
More information about the wine-users