Patchwatcher security improvements
ambro at b4ever.net
Mon Sep 8 19:29:56 CDT 2008
> Also, it's possible some of your changes won't be needed
> after the refactoring... I plan to run wine-slave as a different
> user anyway...
That doesn't solve much; although it may look clean, it is not secure. The
user should have a limited amount of resources to work with. Your way, for
example, it can write to the whole master Wine tree. With my patches, the master
tree is read-only for the user, and it only has its own copy to work with
which is never used again.
I plan to further improve things. In particular, killing stalled processes is
not implemented securely now. As I have already mentioned, additional access
control is needed to produce a fully solid system. For example, disk access
should be limited (think about world-writable folders and stuff like
~/.bashrc), and memory usage should be limited as well (could patchwatcher get
killed when the patch starts consuming memory?).
Considering the refactoring, I see you are just moving some stuff into its own
file; I can easily adjust my code.
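The scheme the mail argues for (a master tree the test never touches, a throwaway per-run copy, and CPU/memory limits so a runaway build dies instead of patchwatcher), as an added shell example that is not part of patchwatcher or Wine; the helper name, directory layout and limit values are assumptions:

```shell
#!/bin/sh
# Added example, not patchwatcher code. Runs a build/test command inside a fresh
# copy of a master tree under kernel-enforced resource limits, then proves the
# master tree is byte-for-byte unchanged. Limits are overridable assumptions.
set -u

CPU_LIMIT=${CPU_LIMIT:-60}           # CPU seconds before the kernel kills a stalled job
MEM_LIMIT_KB=${MEM_LIMIT_KB:-524288}  # address-space cap (KiB) for a memory-hungry patch

# tree_digest DIR: one line summarising every file's checksum and path.
tree_digest() {
    (cd "$1" && find . -type f -exec cksum {} + | sort)
}

# run_isolated MASTER_DIR CMD...
# Returns CMD's exit status, or 2 if MASTER_DIR changed while CMD ran.
# In deployment MASTER_DIR is owned by another user and read-only to the
# sandboxed one; the digest check here only detects, it does not prevent.
run_isolated() {
    master=$1; shift
    before=$(tree_digest "$master")
    scratch=$(mktemp -d)              # private copy, discarded after this run
    cp -a "$master/." "$scratch/"
    (
        cd "$scratch" || exit 1
        ulimit -t "$CPU_LIMIT"        # SIGXCPU ends a stalled process, not patchwatcher
        ulimit -v "$MEM_LIMIT_KB"     # allocations beyond this fail inside the job only
        "$@"
    ) >/dev/null 2>&1
    rc=$?
    rm -rf "$scratch"
    after=$(tree_digest "$master")
    [ "$before" = "$after" ] || return 2
    return "$rc"
}

# Stand-alone usage: ./isolate.sh /path/to/master-tree make -C dlls/kernel32 test
if [ "$#" -ge 2 ]; then
    run_isolated "$@"
fi
```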