New SetThreadPriority patch

Mike Hearn mike at
Sat Apr 15 13:48:56 CDT 2006

This one uses POSIX capabilities to drop all root privs except for
CAP_SYS_NICE, therefore, this is reasonably secure.

There is one catch. For some reason a suid root app cannot read
/proc/self/exe so relocatability isn't used, and anyway it'd be
insecure even if it could as you could hard link wineserver then trick
it into loading a malicious library relative to $ORIGIN.

I think I will investigate this a bit more, but perhaps later. For now
this is fine for RPMs and packages etc, which install to /usr, as they
can simply "chmod +s wineserver" and have apps with solid audio.

thanks -mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: scheduler2.patch
Type: text/x-patch
Size: 4984 bytes
Desc: not available
Url :

More information about the wine-patches mailing list