Wine being targeted for adware

Eduardo Menezes companheiro.vermelho at gmail.com
Thu Jan 15 08:25:19 CST 2009


Well, Windows doesn't have multiple bottles (prefixes), each one with its
own "windows" directory and registry. This is something "wine specific".
Managing prefixes is something "wine specific".
Just thought it is a nice feature to protect the rest of the system (your
home folder, for example) from some nasty application.
I do it by hand on some of my bottles (I separate bottles for each
application type and some of them I isolate from some parts of my
filesystem).
Just to be completely clear, by prefix and bottle I mean the same thing: the
~/.wine for example.
Best regards,

2009/1/15 Austin English <austinenglish at gmail.com>

> On Wed, Jan 14, 2009 at 7:23 PM, Eduardo Menezes
> <companheiro.vermelho at gmail.com> wrote:
> > I think an "isolate prefix" option in winecfg (or even winetricks) would be
> > very useful.
> > Undoing symlinks and editing the registry to take out the reference to the
> > root is boring (and I'm not sure only doing this is entirely safe) and this
> > kind of option would make it possible to run untrusted software without
> > worrying.
> > I even ran some malwares in isolated wine prefixes and used diff to see what
> > it did. Learned a lot from this.
> > Anyway, a "nice to have" feature.
> >
> > Best wishes and thanks for this amazing software,
> >
> > 2009/1/14 <wine-devel-request at winehq.org>
> >>
> >> Date: Wed, 14 Jan 2009 15:07:06 -0500
> >> From: Nicholas LaRoche <nlaroche at vt.edu>
> >> Subject: Re: Wine being targeted for adware
> >> To: Stefan Dösinger <stefan at codeweavers.com>
> >> Cc: wine-devel at winehq.org
> >> Message-ID: <496E45EA.9060603 at vt.edu>
> >> Content-Type: text/plain; charset=windows-1252; format=flowed
> >>
> >> Stefan Dösinger wrote:
> >> >> As long as the facilities exist for keeping an entire wine bottle
> >> >> isolated from other bottles (and ~/) I don't see this being a major
> >> >> issue.
> >> > They don't.
> >> >
> >> > Even if you don't have a drive link pointing out of a bottle, a Windows app
> >> > running in Wine can still call Linux syscalls(int 0x80). This is
> >> > possible/needed because Windows apps run as a regular Linux process that
> >> > links in Linux libraries which perform linux syscalls.
> >> >
> >> > So any Windows malware can break out of the Wine "sandbox"(which isn't a
> >> > sandbox really) by simply using linux syscalls.
> >> >
> >> >
> >> >
> >>
> >> On more recent distros (FC9/10) SELinux is enabled by default. Rolling a
> >> policy specifically for an untrusted bottle would severely limit the
> >> damage it could do. It could restrict all unnecessary read/write/execute
> >> access outside of the ~/.wine folder for wineserver and the program.
> >>
> >> I see your point though, since none of the aforementioned security
> >> precautions are commonplace or specifically targeted to wine.
> >>
> >
> > --
> > Eduardo
> > "Every Revolution is IMPOSSIBLE until it becomes INEVITABLE!!!" (Leon Trotsky)
> >
> >
> >
> >
>
> Windows doesn't provide this, why would wine?
>
> P.S., please bottom post on wine mailing lists.
>
> --
> -Austin
>



-- 
Eduardo
"Every Revolution is IMPOSSIBLE until it becomes INEVITABLE!!!" (Leon Trotsky)
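
The manual step described in this thread, finding the symlinks that lead out of a prefix before undoing them, can be automated. The following is an added example, not code from the thread or from Wine; it assumes the usual prefix layout (drive links in `dosdevices/`, per-user folder links under `drive_c/users/`), and the demo prefix it builds is constructed. As the quoted reply points out, an empty result does not make the prefix a sandbox, because the process can still make Linux syscalls directly.

```python
import os
import sys
import tempfile


def find_escaping_links(prefix):
    """Return sorted (link path relative to prefix, resolved target) pairs
    for every symlink under `prefix` whose target lies outside the prefix."""
    root = os.path.realpath(prefix)
    escapes = []
    # followlinks=False: report links to directories, never descend into them.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)
            # A target is "inside" only if the prefix root is its ancestor.
            if os.path.commonpath([root, target]) != root:
                escapes.append((os.path.relpath(path, root), target))
    return sorted(escapes)


def build_demo_prefix(base):
    """Constructed sample prefix mimicking Wine's default links
    (assumed layout, not copied from a real installation)."""
    prefix = os.path.join(base, "prefix")
    docs = os.path.join(base, "home", "Documents")
    user = os.path.join(prefix, "drive_c", "users", "demo")
    for d in (os.path.join(prefix, "dosdevices"), user, docs):
        os.makedirs(d)
    os.symlink("../drive_c", os.path.join(prefix, "dosdevices", "c:"))  # stays inside
    os.symlink("/", os.path.join(prefix, "dosdevices", "z:"))           # whole filesystem
    os.symlink(docs, os.path.join(user, "My Documents"))                # home folder
    return prefix


if __name__ == "__main__":
    # Audit the prefix given on the command line, or the constructed demo one.
    if len(sys.argv) > 1:
        target_prefix = sys.argv[1]
    else:
        target_prefix = build_demo_prefix(tempfile.mkdtemp())
    for link, target in find_escaping_links(target_prefix):
        print(f"{link} -> {target}")
```

Run it with a prefix path such as `~/.wine` as the only argument; with no argument it audits the constructed demo prefix.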