Wanted: small C program to drop all capabilities but cap_sys_ptrace

Henri Verbeet hverbeet at gmail.com
Wed Sep 29 09:08:26 CDT 2010

On 29 September 2010 15:42, Michael Stefaniuc <mstefani at redhat.com> wrote:
> On 09/29/2010 03:14 PM, Scott Ritchie wrote:
>> Ubuntu 10.10 is coming out soon, and its new kernel settings prevent
>> Wine apps from looking at each others' memory.  This breaks World of
>> Warcraft, among other things.  See:
>> http://bugs.winehq.org/show_bug.cgi?id=24193
>> What's needed is a very small shim for Wine that can be setuid 0, but
>> then release all capabilities except what Wine actually needs -- what a
>> normal user has, and cap_sys_ptrace.
> Pardon my ignorance but why is Ubuntu restricting the ptrace'ing of
> processing belonging to the same uid?

See http://lkml.org/lkml/2010/6/29/401 for some background on this. I
think the conclusion from that thread was essentially that ptrace
restrictions and the like should be done using something like SELinux

More information about the wine-devel mailing list