Services

Dustin Navea speeddymon at yahoo.com
Thu Oct 24 10:08:49 CDT 2002


--- Martin Wilck <Martin.Wilck at fujitsu-siemens.com> wrote:
> On Thu, 2002-10-24 at 15.43, Dustin Navea wrote:
> 
> > Another potential problem popped into my head though,
> > and that is:
> > 
> > what if someone edits the initscript to where wine
> > runs as root (or someone compromises the server and
> > does it), 
> 
> If the system is already compromised it is too late
> anyway.
> Some intruder who can change init scripts already
> has root rights and
> probably wouldn't bother with wine.
> 

They may do it anyways so that they have a 2nd way in
(for after the original security hole is closed)

> If sysadmin himself changes the init script to run
> wine as root it is
> his own fault (he could as well have their apache or
> bind run as root,
> also a bad idea for both).

True.

> 
> > or what if someone just changes the
> > owner/group on the file (like a word doc), and then
> > tries to run it with wine, what happens then?
> 
> Unless wine has some suid capabilities (which it
> shouldn't) 
> this has no impact - wine runs in the account of the
> user who opens the
> file (runs word).
> 

I was actually thinking more from a read-the-file
standpoint, i.e. if in the future wine runs as a
service with its own account, would wine be able to
read the file after someone changed the file's owner
from wine to, say, user speeddy, or would it just say
access denied and not let you read the file, therefore
making you have to redo the permissions or make it
owned by wine again?

A good example would be, say user speeddy wants to be
able to edit a file in word sometimes and in kword
other times.  If in the future wine has its own
account, will wine be able to read AND write the file
no matter who it is owned by, without having to modify
permissions on the file, or will the user have to
change the owner to wine when he wants to modify it in
word and change the owner to speeddy when he wants to
edit it in kword?  Maybe I'm missing the point
altogether, but isn't the whole point of having wine as
a service in the future to make it easier to use while
still being safe?  I do believe that some "namby-pamby
mouse-addicted beginner" to Linux is not going to want
to change owners on the file each time he uses a
different program to edit it, nor will he even know
how to, which therefore makes the usability factor go
_way_ down.
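
The ownership question in this message comes down to the classic Unix owner/group/other permission check, modelled below. This is an added example, not part of the original post and not Wine code; the `wine` service account, the UIDs/GIDs and the shared document group are constructed assumptions, and only mode bits are modelled (no ACLs).

```python
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    name: str
    uid: int
    gids: frozenset  # primary plus supplementary group IDs

@dataclass(frozen=True)
class FileMeta:
    owner_uid: int
    group_gid: int
    mode: int  # permission bits, e.g. 0o660

def can_access(acct, f, want="rw"):
    """Classic Unix check: exactly one of the owner/group/other triplets applies."""
    if acct.uid == 0:
        return True  # root bypasses read/write permission bits
    if acct.uid == f.owner_uid:
        r, w = stat.S_IRUSR, stat.S_IWUSR
    elif f.group_gid in acct.gids:
        r, w = stat.S_IRGRP, stat.S_IWGRP
    else:
        r, w = stat.S_IROTH, stat.S_IWOTH
    needed = (r if "r" in want else 0) | (w if "w" in want else 0)
    return f.mode & needed == needed

# Constructed IDs for illustration only (assumptions, not from the thread).
WINE_UID, SPEEDDY_UID = 501, 1000
WINE_GID, USERS_GID, DOCS_GID = 501, 100, 600

def scenarios():
    """Return {label: (wine can rw, speeddy can rw)} for three ownership setups."""
    wine = Account("wine", WINE_UID, frozenset({WINE_GID}))
    speeddy = Account("speeddy", SPEEDDY_UID, frozenset({USERS_GID}))
    # Same accounts after both are added to a shared document group.
    wine_g = Account("wine", WINE_UID, frozenset({WINE_GID, DOCS_GID}))
    speeddy_g = Account("speeddy", SPEEDDY_UID, frozenset({USERS_GID, DOCS_GID}))
    cases = {
        "owner wine, mode 0600": (FileMeta(WINE_UID, WINE_GID, 0o600), wine, speeddy),
        "owner speeddy, mode 0600": (FileMeta(SPEEDDY_UID, USERS_GID, 0o600), wine, speeddy),
        "owner speeddy, shared group, mode 0660":
            (FileMeta(SPEEDDY_UID, DOCS_GID, 0o660), wine_g, speeddy_g),
    }
    return {k: (can_access(a, f), can_access(b, f)) for k, (f, a, b) in cases.items()}

if __name__ == "__main__":
    for label, (wine_ok, user_ok) in scenarios().items():
        print(f"{label}: wine rw={wine_ok}, speeddy rw={user_ok}")
```
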
