Adding binfmt configuration to official Wine packages
Jens Reyer
jre.winesim at gmail.com
Mon Aug 22 08:28:39 CDT 2016
On 22.08.2016 15:14, Rosanne DiMesio wrote:
> On Mon, 22 Aug 2016 00:24:29 -0300
> Bruno Jesus <00cpxxx at gmail.com> wrote:
>
>> On Sat, Jul 23, 2016 at 1:57 AM, Bruno Jesus <00cpxxx at gmail.com> wrote:
>>> Hi, I would like to please call for attention on bug
>>> https://bugs.winehq.org/show_bug.cgi?id=39884
>>>
>>> As far as I understand there are only benefits to users if we allow
>>> .exe files to run through binfmt, would it pose any kind of problem to
>>> add this configuration to our packages?
>>
>> It looks like nobody think it is a problem so I'll ask it to be added
>> in order to resolve the bug.
>>
>>
>
> What are the security implications? Won't this make it easier for malware to execute without being Wine-aware, or am I just being paranoid?
We don't enable binfmt in Debian for exactly this reason (see
https://bugs.debian.org/819255). So I'd also be interested in other
opinions.
E.g. above mentioned bug already states: "[binfmt] is also helpful for
security because it allows each Windows program to be run with different
AppArmor profile."
However this doesn't require automatically enabled binfmt support, just
the possibility to do so.
Greets
jre
More information about the wine-devel
mailing list