[Wine] Re : How to remove read access to / and my $HOME

Ove Kaaven ovek at arcticnet.no
Sun Apr 20 08:40:47 CDT 2008

Sylvain Petreolle skrev:
> Hmm.
> It means that a program looking specifically for that would be able to reenable it at any moment.
> 1° Detect Wine,
> 2° Reenable unixfs unconditionally,
> 3° Do weird things with lots of unix files (especially if the user runs it as root)

Why does that worry you? For anything Wine-aware, there's a far simpler 
way to get unlimited access to your Unix files.

1) Detect Wine
2) Do direct Linux syscalls
3) Profit

Wine isn't a sandbox. There's no way you can prevent malicious software 
from accessing $HOME under Wine.

Perhaps in the future it might be possible, if someone wrote some 
security module for Linux that only allowed syscalls from Wine builtin 
dlls and not PE native dlls or something, protected the dlls from being 
modified, and people otherwise tried to make Wine more secure. But for 
the time being, there's no shortage of attack vectors against Wine.

(And yeah, definitely never run Wine as root.)

More information about the wine-users mailing list