Wanted: small C program to drop all capabilities but cap_sys_ptrace

Alexandre Julliard julliard at winehq.org
Wed Sep 29 09:12:39 CDT 2010

Scott Ritchie <scott at open-vote.org> writes:

> Ubuntu 10.10 is coming out soon, and its new kernel settings prevent
> Wine apps from looking at each others' memory.  This breaks World of
> Warcraft, among other things.  See:
> http://bugs.winehq.org/show_bug.cgi?id=24193
> What's needed is a very small shim for Wine that can be setuid 0, but
> then release all capabilities except what Wine actually needs -- what a
> normal user has, and cap_sys_ptrace.

I don't think that's a good idea. CAP_SYS_PTRACE allows access to any
process, so it's a lot more dangerous than the standard ptrace checks
that Ubuntu decided to break. Going back to the default behavior is
probably safer than making Wine setuid...

Alexandre Julliard
julliard at winehq.org
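
An added example, not part of the original message or of Wine: a C check that reads the CapEff line of `/proc/<pid>/status` text and reports whether a process holds CAP_SYS_PTRACE, the capability the reply above calls more dangerous than the standard ptrace checks. The sample status text is constructed, and the function names are this example's own.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_SYS_PTRACE_BIT 19 /* value of CAP_SYS_PTRACE in <linux/capability.h> */

/* Constructed samples in /proc/<pid>/status format (not captured from a real system). */
static const char SAMPLE_USER[] = "Name:\twine\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n";
static const char SAMPLE_SHIM[] = "Name:\twine\nCapPrm:\t0000000000080000\nCapEff:\t0000000000080000\n";
static const char SAMPLE_ROOT[] = "Name:\twine\nCapPrm:\t0000003fffffffff\nCapEff:\t0000003fffffffff\n";

/* Read the hex mask of `field` (e.g. "CapEff"); 0 on success, -1 if absent or malformed. */
static int cap_mask(const char *status, const char *field, unsigned long long *mask)
{
    size_t flen = strlen(field);
    for (const char *p = status; p && *p; p = strchr(p, '\n'), p = p ? p + 1 : NULL) {
        if (strncmp(p, field, flen) != 0 || p[flen] != ':')
            continue;
        const char *q = p + flen + 1;
        while (*q == ' ' || *q == '\t')
            q++;
        if (!isxdigit((unsigned char)*q))
            return -1; /* empty value: do not let strtoull run into the next line */
        *mask = strtoull(q, NULL, 16);
        return 0;
    }
    return -1;
}

/* 1 if CAP_SYS_PTRACE is in the effective set, 0 if not, -1 on parse error. */
int holds_cap_sys_ptrace(const char *status)
{
    unsigned long long eff;
    if (cap_mask(status, "CapEff", &eff) != 0)
        return -1;
    return (int)((eff >> CAP_SYS_PTRACE_BIT) & 1ULL);
}

/* 1 if the effective set is exactly {CAP_SYS_PTRACE}, the state the requested shim would leave. */
int only_cap_sys_ptrace(const char *status)
{
    unsigned long long eff;
    return cap_mask(status, "CapEff", &eff) != 0 ? -1 : eff == (1ULL << CAP_SYS_PTRACE_BIT);
}

int main(void)
{
    const char *s[] = { SAMPLE_USER, SAMPLE_SHIM, SAMPLE_ROOT };
    for (int i = 0; i < 3; i++)
        printf("sample %d: holds=%d only=%d\n", i, holds_cap_sys_ptrace(s[i]), only_cap_sys_ptrace(s[i]));
    return 0;
}
```

Run over real `/proc/<pid>/status` contents, the same functions flag any process whose effective set includes the capability.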
