[Wine]WinNY and Wine

Tom Cavin cavin at MIT.EDU
Wed Jul 13 13:31:29 CDT 2005


Hi Ray (aka Isaac),

The only programs you should ever run as superuser are those that were
designed to be run by superuser and then only under the conditions for
which the program was designed.  And even that is questionable practice.

As a general rule, if a user ever has to do anything as root, something is
wrong.

Yes, this is a "security precaution", but your use of the word "only"
indicates to me that you might have a limited view of security.

It isn't just Wine that you shouldn't run as root or superuser, it's any
program.  On any Unix or Linux computer system, a process running with root
(uid=0), (or in MS-Windows a process running with administrator
privileges) has unquestioned authority to change the system.

Execution privileges directly affect program functionality, and giving a
program too many privileges means you may be giving it more than it was
designed for.

The operating system doesn't care if the command to format the system disk
came from a command line of a logged in sys-admin who is wiping the disk
before disposal, or from an email virus automatically executed by Outlook
Express.  If the process issuing the format command has sufficient
privileges to wipe the disk ... it's history.

That's an extreme example, but there are many lesser issues that can cause
more subtle damage.  Programs that are designed to be run by
non-privileged users may normally probe parts of the file system in order
to find a place to store temporary files.  This probe can be as simple as
checking for read permissions, and a failed check causes the program to
look elsewhere for temporary file space.  A user program may try to store
information in the current directory, and if it can't write there it will
switch to a user's home directory.  If you run such a program as superuser,
the permissions check always succeeds, so you may end up writing files
anywhere on your system.

In the case of Wine, this is a particularly serious issue.  Wine is
designed to run programs that were written for a different OS.  Regardless
of anyone's opinion of the innate reliability of such code, running _any_
program in Wine is running it in a foreign environment that has different
rules than the program expects.

As an analogy, consider average drivers in their home country.  They
generally follow the rules of the road and know which side of the road to
drive on.  If you take those drivers to another country where the rules are
different, but you keep them on a restricted test track with no other
drivers, things can work reasonably well.  If you put those same drivers in
police cars with the sirens on and the lights flashing, in the middle of a
densely populated foreign city where they don't know the language or the
rules of the road, you are likely to have problems.  If you replace those
foreign human drivers with robots hard-coded to drive on the "wrong" side
of the street, the odds get even worse.

In my mind, that analogy is very close to what you do when you run Wine as
superuser.

There is one difference though.  If you do this on your own machine you are
only likely to hurt yourself.  It might be interesting to see what happens,
and it could even be a good learning experience.

But please don't do this on any system you (or anyone else) depend on.

Best Wishes,

     --Tom

Isaac Rabicoff writes:
 > Usurp,
 > 
 > I appreciate your response.  If possible, however, I would like for you to
 > go into greater detail as to why I shouldn't run wine as root.  Actually, I
 > always login as a user, then upgrade to super user (I realize this is
 > effectively the same as root).  To my understanding, not running programs as
 > root is only a security precaution and shouldn't affect program
 > functionality.  Am I wrong?
 > 
 > Thanks,
 > - Ray (aka Isaac)
 > 
 > ----- Original Message ----- 
 > From: "Sylvain Petreolle" <spetreolle at yahoo.fr>
 > To: <wine-users at winehq.org>
 > Sent: Wednesday, July 13, 2005 10:10 AM
 > Subject: RE: [Wine]WinNY and Wine
 > 
 > 
 > > Rule #1: don't run wine as root.
 > > --- Isaac Rabicoff <irabicoff at kc.rr.com> wrote:
 > >
 > > > Hello everyone,
 > > > 
 > > > I'm trying to figure out how to run Winny2b71 with wine-20050111-r1
 > > > on 2005.0 Gentoo Linux with kernel 2.6.11 r11 (I thought the version
 > > > info might be helpful). The result is nothing-- no error message,
 > > > nothing loads, nothing flashes. I have the program installed in
 > > > /root/.wine/Apps/Winny2, and I use the appropriate ' wine "[path]" '
 > > > command to execute the program.
 > >
 > >
 > > Kind regards,
 > >
 > > Usurp (aka Sylvain Petreolle)
 > >
 > > humans are like computers,
 > > yesterday the BIOS was all
 > > - today its just a word
 > > _______________________________________________
 > > wine-users mailing list
 > > wine-users at winehq.org
 > > http://www.winehq.org/mailman/listinfo/wine-users
 > 

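Added example (not part of the original message and not Wine code): a small model of the probe-and-fallback behaviour described in the message above, showing why the same program picks a different directory when its effective uid is 0, plus a launcher-side check that refuses uid 0. The directory entries, uids and function names are constructed for illustration, and the permission check models only the classic mode bits.

```python
import os
import stat
from collections import namedtuple

# Constructed sample metadata (not read from a real system).
Dir = namedtuple("Dir", "path mode uid gid")

CANDIDATES = [
    Dir("/usr/share/app", 0o755, 0, 0),    # "current directory": root-owned
    Dir("/home/ray", 0o700, 1000, 1000),   # fallback: the user's home directory
]


def may_write(d, euid, groups):
    """Simplified Unix mode-bit check for creating a file in directory d.

    Models owner/group/other bits plus the superuser override only; real
    kernels also consult ACLs, capabilities, read-only mounts and LSMs.
    """
    if euid == 0:
        return True                        # superuser bypasses the mode bits
    need = stat.S_IWUSR | stat.S_IXUSR     # write + search on a directory
    if euid == d.uid:
        return d.mode & need == need
    shift = 3 if d.gid in groups else 6    # group class, else "other" class
    return (d.mode << shift) & need == need


def pick_scratch_dir(candidates, euid, groups):
    """Return the first candidate the process may write to, as a probing program would."""
    for d in candidates:
        if may_write(d, euid, groups):
            return d.path
    return None


def refuse_superuser(euid):
    """Launcher-side check: raise instead of starting a user program as uid 0."""
    if euid == 0:
        raise PermissionError("refusing to run as superuser; start as a normal user")


if __name__ == "__main__":
    print("uid 1000 writes to:", pick_scratch_dir(CANDIDATES, 1000, {1000}))
    print("uid 0 writes to:   ", pick_scratch_dir(CANDIDATES, 0, {0}))
    refuse_superuser(os.geteuid())         # the check a wrapper script would make
```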


