[Bug 48889] Debian packaging: set cap_net_raw to allow sendings ICMP packets
WineHQ Bugzilla
wine-bugs at winehq.org
Tue Apr 7 03:38:08 CDT 2020
https://bugs.winehq.org/show_bug.cgi?id=48889
--- Comment #9 from Luca Boccassi <luca.boccassi at gmail.com> ---
(In reply to oiaohm from comment #8)
> (In reply to Luca Boccassi from comment #7)
> > (In reply to Olivier F. R. Dierick from comment #6)
> > > Hello,
> > >
> > > Silently default to disable, otherwise we'll get heap of people complaining
> > > that it ask a question about something they don't need.
> > >
> > > People that need it will look for a way to fix their application and will
> > > find the instructions in the wiki/appdb/howto, or we'll tell them on the
> > > forums/bugzilla where to find them.
> > >
> > > Regards.
> >
> > Ok, I'll send an updated patch in the next couple of days.
>
> Really the current patch needs to be junked its simple wrong. The work
> around people are doing to run games is also major security wrong.
Thanks for the (unprompted) lecture on cap_net_raw, but we know how it works
and what it does. The entire point of wine is to run untrusted, third-party,
proprietary and closed-source binaries. If you have confidentiality
requirements on a machine and you choose to install it, I'm afraid you already
lost.
For some users, like yourself, adding net_raw might be a step too far - then
you are of course free not to enable it. I'm fine with having it off by
default, that's not a concern really. It can even be a low priority debconf
option, so nobody will see it unless they go look for it. Other users for whom
the distinction is perfectly meaningless can instead choose to enable it and
have working applications.
For some software it's worth going to extra steps and spend extra time to drop
what's not needed at runtime, and much more. But let's face it, it's really not
the case here: this is about being able to occasionally run a couple of games,
not production-critical workloads.
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list