[Wine] Re : How to remove read access to / and my $HOME
ovek at arcticnet.no
Sun Apr 20 08:40:47 CDT 2008
Sylvain Petreolle skrev:
> It means that a program looking specifically for that would be able to reenable it at any moment.
> 1° Detect Wine,
> 2° Reenable unixfs unconditionally,
> 3° Do weird things with lots of unix files (especially if the user runs it as root)
Why does that worry you? For anything Wine-aware, there's a far simpler
way to get unlimited access to your Unix files.
1) Detect Wine
2) Do direct Linux syscalls
Wine isn't a sandbox. There's no way you can prevent malicious software
from accessing $HOME under Wine.
Perhaps in the future it might be possible, if someone wrote some
security module for Linux that only allowed syscalls from Wine builtin
dlls and not PE native dlls or something, protected the dlls from being
modified, and people otherwise tried to make Wine more secure. But for
the time being, there's no shortage of attack vectors against Wine.
(And yeah, definitely never run Wine as root.)
More information about the wine-users