Wine securityflaw.

Marcus Meissner meissner at suse.de
Thu Oct 31 09:31:16 CST 2002


On Thu, Oct 31, 2002 at 11:10:33AM -0300, Raul Dias wrote:
> My $0.02,
> 
> I always though of a wine as way to run windows apps
> better than windows.
> 
> Better also means "more secure" for me.
> 
> A way to make it more secure is to catch key API calls and decide if 
> the application is allowed to run it or not.
> 
> This would be easy to detect if an application is trying to delete
> a file, to open a network connection, or anything that could be 
> possible unsafe if not used correct.

...

The whole issue can probably addressed by very simple sandboxing:

	Just use a WINE pseudo user.

Then WINE and the windows applications can do only damage within 
the pseudo user context, which should be harmless.

Automated cleanup (like cron based kills or similar) would be easy.


Drawback: Does not scale well to a multi user system.

Ciao, Marcus



More information about the wine-users mailing list