Process for reporting security bugs?

Rosanne DiMesio dimesio at earthlink.net
Tue Aug 13 06:39:15 CDT 2013


On Mon, 12 Aug 2013 23:29:51 JST
achurch+wine-devel at achurch.org (Andrew Church) wrote:

>
> 
> Note that removing the default "z:" drive mapping will NOT prevent Windows
> applications from reading your entire filesystem!  In addition to the
> Windows share, malicious programs could detect that they are running under
> Wine and execute native Linux system calls to get around any restrictions
> imposed by Wine.  Consider running programs you don't trust in a virtual
> machine instead.
> """

Already in the FAQ:  

11.2. How good is Wine at sandboxing Windows apps?

Wine does not sandbox in any way at all. When run under Wine, a Windows app can do anything your user can. Wine does not (and cannot) stop a Windows app directly making native syscalls, messing with your files, altering your startup scripts, or doing other nasty things.

You need to use AppArmor, SELinux or some type of virtual machine if you want to properly sandbox Windows apps. 

-- 
Rosanne DiMesio <dimesio at earthlink.net>



More information about the wine-devel mailing list