[Bug 37355] Multiple software protection schemes need ntoskrnl ' MmMapLockedPagesSpecifyCache' implementation (Tages Protection v5.x, BattleEye's 'bedaisy.sys')

[wine-bugs at winehq.org]

https://bugs.winehq.org/show_bug.cgi?id=37355

--- Comment #28 from Richard Yao <ryao at gentoo.org> ---
(In reply to Richard Yao from comment #27)
> I could see someone writing a really tiny root daemon that allows a process
> to gain access to a file descriptor of a child’s address space in any case
> that ptrace allows access and having the wine server talk to it. It should
> be possible to do that in a secure manner.


Let me reword that, it should be!

I could see someone writing a really tiny root daemon that allows a process to
gain access to a file descriptor of the address space of another process in any
case that ptrace allows access and having the wine server talk to it. It should
be possible to do that in a secure manner.

ptrace allows access to every process on the system if you have root, child or
non child. The same goes for processes owned by the same UNIX user if I recall
correctly. It would possible to add restrictions to such a daemon to lock it
down, such as allowing only descendant processes and/or processes that are
certain executables though. However, those restrictions should be enough to
give Wine what it needs.

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.