Wine being targeted for adware
Nicholas LaRoche
nlaroche at vt.edu
Wed Jan 14 21:41:48 CST 2009
Stefan Dösinger wrote:
>> I see your point though, since none of the aforementioned security
>> precautions are commonplace or specifically targeted to wine.
> A security measure targetted to wine would be a wrong thing IMO.
>
> Either its designed for Windows, then it will protect the Windows apps in
> Wine the same way. With exceptions of course, anything based on rootkits
> will probably never work, and it may not know how to deal with int 0x80
> syscalls
>
> Or design it for a generic Linux app, and it will protect the Windows app
> running in Wine(Windows app + Wine == regular Linux process). Again there
> are possible exceptions. Some security measures can break Windows apps, for
> example Adress space randomization can break apps.
>
> What works only in a very limited fashion is using Windows apps to protect
> the Linux system. You can use a virus scanner to do a manual check over your
> drives, but scan-file-on-open features will likely fail.
>
>
>
I've run into problems with ASR when using wine with some apps. If you
do a: `setarch $(uname -p) RL wine ./app` and disable ASR then it works
again.
Any security policy would have to be targeted as if the program was
written for Linux. It wouldn't be much more involved than limiting what
it can see and do just like policies that target httpd and other services.
More information about the wine-devel
mailing list