[Bug 8332] Applications and games using ICMP ping request report 'no connection to internet' (Wine 32-bit/64-bit preloader requires CAP_NET_RAW to create raw sockets)

[WineHQ Bugzilla]

https://bugs.winehq.org/show_bug.cgi?id=8332

--- Comment #29 from oiaohm <oiaohm at gmail.com> ---
(In reply to Olivier F. R. Dierick from comment #28)
> Hello,
> 
> My opinion is that someone should investigate what the anti-cheat of
> battlefield 4 is doing and change the staged patchset accordingly so that
> it's not necessary to use other workarounds.
> 
> Regards.

I kind of agree.

I was the one who introduced using capabilities over using run as root.  This
was after a few users running as root successfully had malware nuke their
complete computer.

We have users currently using capabilities in a very dangerous way and some of
them are getting hurt by it.  There is really no nice system either.

It would be good if we had like /etc/wine/security in that security item was a
list formated like

[wineprefix] [list of enabled capabilities]  

Of course anything not on the enabled capabilities for a wine-prefix would be
dropped if wine had it.   This would allow users to run some programs with
extra capabilities and others without instead of the current blanket allow all
or allow none usage people are doing.

Of course I would prefer if a method was found so capability options were not
required.   I am accepting reality here we are going to have to live with some
users increase capabilities on wine but we need to make it as safe as possible.

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.