Fwd: A basic implementation for increased security in wine proposal

Stefan Dösinger stefan at codeweavers.com
Sun Feb 1 14:31:34 CST 2009


> I stand corrected, as it appears I was way too naive in my understanding of
> software security, hence the example I provided.
IMHO the whole discussion is moot.

Any Windows app can easily bypass *any* security measure in Wine by calling 
int 0x80, and there's nothing we can do against that other than running 
the .exe code in a real virtual machine (which would break the whole "Wine is 
not an emulator" thing).

And as Marcus pointed out, as soon as it is running it can already do 
everything the Linux permissions allow. It doesn't have to use broken API 
calls to do bad things.

A point where we have to take a look at security concerns is when we get data 
from the application that is potentially from somewhere outside the app. E.g. 
Half Life 2 loads MOTDs from servers which are HTML pages and passes them to 
our HTML control. Or MS Paint opens a jpeg file and uses Win32 API functions 
to parse it.

Protecting Wine against the application won't work.  Protecting Wine (and the 
application) against the application's data is what we have to do.


