ptrace, pokerstars and Ubuntu 10.10
adys.wh at gmail.com
Sun Sep 12 16:51:29 CDT 2010
Eric proposed a solution in this bug:
On Sun, Sep 12, 2010 at 11:35 AM, Michael Fox <415fox at gmail.com> wrote:
> Another possibility I'd like to suggest for fixing this in wine,
> though maybe more extreme, is to make wine a setuid program and use
> setuid in server/ptrace.c
> The reason to do this is that there is certain other functionality
> necessary for implementing the windows API that is almost impossible
> without setuid. For example the linux program 'ping' needs to be a
> setuid program. I can't see how you could ever implement the Microsoft
> ICMP API in wine unless wine has setuid.
> On Sun, Sep 12, 2010 at 3:24 AM, Michael Fox <415fox at gmail.com> wrote:
>> Hi all,
>> There's a problem running wine under the new Ubuntu 10.10 (Maverick).
>> They have enabled kernel security to prevent processes from using
>> ptrace. This affects any wine programs which use ptrace which is
>> surprisingly common. For example I found this bug because PokerStars
>> wouldn't connect to the network.
>> I have filed this as a bug with Ubuntu, but they might choose not to
>> fix it depending on how committed they are to this new security
>> measure. It is filed as:
>> There is a simple workaround and it is to add the ptrace capability to
>> wineserver using the command:
>> sudo setcap cap_sys_ptrace=eip /usr/bin/wineserver
>> I tried to submit this as a bug for wine, but it was closed because
>> the maintainer felt there was nothing the wine people could do about
>> the way Ubuntu sets their security. I would like to make the following
>> 1. Add a winetricks trick to fix wine on Maverick by executing: "sudo
>> apt-get install setcap; sudo setcap cap_sys_ptrace=eip
>> 2. Add an error message in wine when ptrace fails with error EPERM.
>> This message should suggest the winetrick so the user will find it
>> quickly. In my case it took quite a while to figure out exactly what
>> was going wrong because there is no more terminal output when ptrace
>> fails than when it succeeds.
More information about the wine-devel