[Wine] Re: Explain to me how I do not need root?
wineforum-user at winehq.org
Fri Nov 20 18:18:38 CST 2009
Truth is there is more than 1 solution to the security, Skaught.
The one that needs the least amount of work is getcap/setcap (capabilities). CAP_NET_ADMIN (name of a capability) is most likely overkill. That is the reason why I pointed to http://www.ibm.com/developerworks/library/l-posixcap.html: it gives instructions to find out what capabilities wine/the application is asking for.
I also pointed to a modern day tutorial to apply capabilities http://lwn.net/Articles/313047/
Basically, a different copy of the wine binary with setcap applied. I see this as the safest way to set it up.
SELinux and AppArmor are LSMs (Linux Security Modules). The setuid bit should be used in combination with the LSMs. Now, if you setuid but screw up the LSM settings, you will have allowed way too much. I don't see this as a safe way for a beginner. Distributions use it, but there is no way I agree to it for a beginner.
Simple point here: a lot are taking the lazy way out, Skaught, then claiming there is no valid solution. I.e. there are two valid solutions; one is not newbie safe.
The security solutions are application neutral so most docs showing how to use them are application neutral.
Now, you running into the security system not liking you should be telling you something, Skaught. The tool you are trying to run is administration level. System administration, to do right, even on Windows is not simple, so most people take the lazy way out and end up with their systems infected or otherwise dead.
As soon as you get into OS security there are sets of jargon you need to know, and nothing is a single-path option, even under Windows.
appdb is a short name we use for the appdb.winehq.org site; it contains information on how to make applications work. Just a lot of instruction writers there are not security safe.
I have a few bad things to say. Number 1: running ping plotter many times over in Linux is going to hurt. Wine is not light, but there is a technical problem.
Raw packet limitation is going to kick you where it hurts most. Simple fact: you will have the program picking up packets back that were sent by the wrong program from time to time.
I am sorry to say ping plotter is not up to the job you are trying to do, Skaught. I know of no tool up to the job to do what you are doing.
You need the following: a tool that supports multiple traceroutes sharing ping data. Key thing here is sharing ping data. If you are not sharing ping data, things can screw up badly and also waste network traffic.
Now, making multiple ping plotters work and not stuff themselves over will involve virtual machines: Linux + Wine + virtual machine overhead. This is getting really painful. One instance per virtual machine.
Now the question becomes: since it's network monitoring, should you be using network monitoring software instead? http://metanav.uninett.no/, http://community.zenoss.org and many others can talk to the routers and switches in the system and extract more information. Of course, that is if you have the legal right to do that.
lahmbi5678, you don't know security. Distributions don't just apply chmod +s to ping. So your answer is another invalid one. Everything can have bugs; prevention beats cure. There is another reason why not to run as root. Not running as root prevents the error of the dll.so files of wine being overwritten, so making wine non-functional.
The risk is not just the application itself. It is wine and the application. Wine is not a 100 percent stable program. People like you, lahmbi5678, I hate seeing in winehq on freenode. You end up with your wine broken in strange ways, so that when we say clear wineprefix the problem remains, and normally you don't own up straight up that you were running as root.
If you do, then you don't like the response: uninstall and reinstall wine before we do anything, then don't run as root. Yes, EEP, what you are doing is pure stupid and makes diagnostics of wine problems harder. A little effort learning how to operate your OS security right will make everyone's life simpler.
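
An added example, not part of the original post: a shell function that audits `getcap` output, so a capability-enabled copy of the wine binary can be checked for anything broader than it needs. The allow-list of `cap_net_raw` (the capability raw sockets require), the `/opt/...` paths and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Allow-list (assumption): a tool that only opens raw ICMP sockets needs cap_net_raw.
ALLOWED_CAPS="cap_net_raw"

# audit_caps: read `getcap` output on stdin and print
#   EXCESS <file> <capability>
# for each capability outside ALLOWED_CAPS. Both output styles are parsed:
#   older libcap:  /path = cap_net_raw+ep
#   newer libcap:  /path cap_net_raw=ep
# Assumption: paths contain no spaces.
audit_caps() {
    while IFS= read -r line; do
        case $line in *" "*) ;; *) continue ;; esac   # skip blank/malformed lines
        file=${line%% *}
        clauses=${line#* }
        clauses=${clauses#= }            # drop the "= " of the older style
        for clause in $clauses; do       # a set may hold several clauses
            names=${clause%%[+=-]*}      # strip the flag part (+ep, =ep, ...)
            if [ -z "$names" ]; then     # "=ep" alone grants every capability
                printf 'EXCESS %s ALL\n' "$file"
                continue
            fi
            old_ifs=$IFS; IFS=,
            for cap in $names; do
                case " $ALLOWED_CAPS " in
                    *" $cap "*) ;;
                    *) printf 'EXCESS %s %s\n' "$file" "$cap" ;;
                esac
            done
            IFS=$old_ifs
        done
    done
}

# Constructed sample input (hypothetical paths, not taken from a real system).
SAMPLE='/opt/wine-netcap/bin/wine = cap_net_raw+ep
/opt/wine-test/bin/wine cap_net_admin,cap_net_raw=ep
/opt/wine-bad/bin/wine =ep'

printf '%s\n' "$SAMPLE" | audit_caps
```

On a real system the function would be fed from `getcap -r <directory>` instead of the sample text.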