Adding binfmt configuration to official Wine packages
Bruno Jesus
00cpxxx at gmail.com
Mon Aug 22 10:52:06 CDT 2016
On Mon, Aug 22, 2016 at 11:57 AM, Rosanne DiMesio <dimesio at earthlink.net> wrote:
> On Mon, 22 Aug 2016 15:28:39 +0200
> Jens Reyer <jre.winesim at gmail.com> wrote:
>
>> >
>> > What are the security implications? Won't this make it easier for malware to execute without being Wine-aware, or am I just being paranoid?
>>
>> We don't enable binfmt in Debian for exactly this reason (see
>> https://bugs.debian.org/819255). So I'd also be interested in other
>> opinions.
Hi, I don't understand the security implications yet. If I download a
malware and run it like ./malware.exe or wine malware.exe what is the
difference? Also in a file manager double clicking exe run wine
correctly, why isn't this a security problem? What is a real example
of a malware that benefits from this?
>
> IMO, the majority of users aren't using AppArmor, and we shouldn't be creating security risks for them. I also think that users who are technically skilled enough to create multiple AppArmor profiles should also be capable of following instructions for enabling binfmt support themselves. The actual problem for this user (who started on the forum, btw) is that I have been unable to find step-by-step instructions for Ubuntu. (There are instructions on the Arch wiki, but the user reported they didn't work on Ubuntu.)
>
> My preferred resolution to bug 39884 would be WONTFIX with an explanation of why, but it would be nice if someone could come up with step-by-step instructions for enabling binfmt support for Wine on Ubuntu that we could link to or add to our Ubuntu wiki page (with a warning about the risks).
Fine by me, I just fail to understand the security risks.
More information about the wine-devel
mailing list