[Bug 49024] Malicious software able to alter, infect and/or destroy personal files

WineHQ Bugzilla wine-bugs at winehq.org
Sun Apr 26 11:21:25 CDT 2020


https://bugs.winehq.org/show_bug.cgi?id=49024

Paul Gofman <gofmanp at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |gofmanp at gmail.com

--- Comment #3 from Paul Gofman <gofmanp at gmail.com> ---
As Rosanne said in comment #1, Wine is absolutely not a sandbox and is not
pretending to be one. As a very rough analogy, python is capable of running
python scripts, but do you expect it to protect you from some unwanted things
that scripts can do?

Probably the easiest and most lightweight thing you can do to limit the
potential impact of unwanted Windows programs under Wine is to run it under
a separate user which does not have any excessive rights and does not have access
to any personal files or write access to anything besides its own files. Then
(unless the malware is specifically designed for Wine and will exploit host
security somehow) no software run in the prefix will be able to do what you
describe. There are other limitations which can be imposed, like disabling
access to the network through iptables. Of course, this is still not a perfect
sandbox, which might not be very easy to do right, but it will avoid many of
the practical threats and won’t impose any performance penalty.

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
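
The separate-account setup suggested in comment #3, as an added shell example that is not part of the original thread or of Wine itself. The account name `winebox` and all function names are assumptions; the audit function checks only classic mode bits, not ACLs or shared group membership.

```shell
#!/bin/sh
# Added example. "winebox" is a hypothetical account name; setup needs root.

# Create an unprivileged account for Wine and block its outbound traffic.
setup_wine_account() {
    user=${1:-winebox}
    useradd --create-home --shell /usr/sbin/nologin "$user" || return 1
    home=$(getent passwd "$user" | cut -d: -f6)
    chmod 700 "$home"   # keep the Wine prefix private to this account
    # The owner match applies to locally generated packets (OUTPUT chain).
    iptables  -A OUTPUT -m owner --uid-owner "$user" -j REJECT
    ip6tables -A OUTPUT -m owner --uid-owner "$user" -j REJECT  # IPv6 is filtered separately
}

# Print each given directory whose mode bits let *other* accounts
# traverse it (o+x) or create/delete entries in it (o+w).
# A personal home directory listed here is still reachable by the Wine account.
dirs_open_to_others() {
    for d in "$@"; do
        [ -d "$d" ] || continue
        find "$d" -prune \( -perm -001 -o -perm -002 \) -print
    done
}

# Run a Windows program as the dedicated account. sudo -H points HOME at that
# account's home, so the default prefix (~/.wine) lives there.
# Display access for the account is not handled here.
run_in_wine_account() {
    user=$1; shift
    sudo -H -u "$user" wine "$@"
}

case "${1:-}" in
    setup) setup_wine_account "${2:-winebox}" ;;
    audit) shift; dirs_open_to_others "$@" ;;
esac
```

Running the `audit` mode against your own home directory before relying on the separate account shows whether it is mode 755 or similar, in which case `chmod 750` or `chmod 700` on it is needed for the isolation to hold.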

