Security of WINE and ReactOS: was Documents and settings

P. Christeas p_christ at hol.gr
Sun Apr 18 05:16:50 CDT 2004


Just my humble opinion on this:
1. One reason the Unix security model is still around is that it is simple. ACLs 
and such need more administration and are more likely to be configured wrong. 
Unix, on the other hand, is compulsory (you *have* to set the permissions 
everywhere) and simple. In modern kernels (I use 2.6) you can also have more 
detailed permissions (ACLs, capabilities etc.) but they don't seem to be 
popular.
2. Wine now runs in userspace, needing no privileges to operate. That's great 
because it protects itself both from bad win32 apps and bugs Wine may have. 
If it needed to obtain more system power, it would have to be in rootland. I 
wouldn't feel comfortable knowing that a win32 app runs on my system with 
some kind of root privileges.
3. There is a certain tradeoff between letting those permission-hungry apps (I 
recently came across an app that wanted to form its own ICMP packets) and 
being secure. IMHO restricting userspace apps is one reason Unix is secure 
(eg. no programmer will try to write an app that stores its data at '/' 
catalog, win apps may require write to 'C:\' or 'C:\windows\'). I prefer 
being secure. 

> Hello Alex,
>
> I am going to drag this semi-off topic for a bit while I plant some
> ideas in people's heads.
>
>...
> Note I only know a little about the Local Security Authority but I think
> it's not going to be too hard to implement if Wine and ReactOS work
> together on it. /me just doubts how much he can write.
>
> The unix security design of users and groups with permissions is not
> bad, it's just outdated. The nice thing about Unix is adding new security
> modules via PAM is not too bad except they are only for authentication.
> The unix concept of groups, users and permissions needs to be moved
> forward about 20 years. The SELinux stuff has really helped a lot in
> this regard. (Please don't flame, it's the truth)
>
>...


