Wine securityflaw.

Peter Andersson kanelballe at softhome.net
Sun Oct 27 16:43:27 CST 2002


On Sunday 27 October 2002 22.19, Francois Gouget wrote:
> On Sun, 27 Oct 2002, Peter Andersson wrote:
> > What is it with you people?
> > I was just trying to make a point about the security risks about using
> > wine at present.  And you start flameing me?
>
> We're not flaming you. We're just see big flaws with your proposal. We
> also proposed alternatives that seem to make more sense to us.
>
> Why don't you study how chroot or jail could be used in combination with
> Wine to build a sandbox? As far as I know no-one has tried that and it
> is possible that some changes in Wine could make things simpler to set
> up. Of course, we won't know until someone actually tries this.

Finally someone that takes my concerns serriously, thank you!


I agree. Using chroot could offer the functionality Im looking for.

I will try the chroot model for now, I have a feeling that this wont be enough 
though, but we will see. Something in the chroot manside got me puzzled:

...
...
...       
Only the super-user may change the root directory.

Note that this call does not change  the  current  working
directory,  so  that `.' can be outside the tree rooted at
 `/'.  In particular, the  super-user  can  escape  from  a
`chroot jail' by doing `mkdir foo; chroot foo; cd ..'.
...
...
...

I will have to figure out the consequences of this odd behaviour, 
it certainly dont sound very safe at first look. 
Maybe jail is much better, but it seems to require porting as you said.

//Peter





More information about the wine-users mailing list