[Wine] Re: binding to privileged Linux ports (<= 1024)

oiaohm wineforum-user at winehq.org
Sat Feb 6 18:12:17 CST 2010 

mc2718.   The issue I have Flash policy server can be installed native running it inside wine will be costly on cpu time and ram with out any advantage. 

The policyfile is the same no matter what the flash policy server is running on ie Linux or windows.  It just returns information to flash client on what ports the client can or cannot talk so nothing OS related.

So there is zero justification for using wine to run a flash policy server.  Instead follow the instructions install a native one.

Next question what type of http server.   Is Apache fine if so again just use native.  Apache does have configurations to be local only.

<Directory "/">
  Order Deny,Allow
  Allow from 127.0.0.1
  Deny from All
</Directory>

That in the configuration for the apache site completely blocks anyone from accessing the site that is not on the current machine.   On top of that you can enable linux firewall to block all access external to port 80.  So 100 percent making sure no outside access will happen.

Big problem since you say local ONLY web server as if it is a requirement of project.   Using wine to run the web server is 100 percent not recommend on secuirty reasons.

Wine has had to so games and other bad behaving pprograms work emulate some of the flaws in the windows networking stack.  So anything running on top is not 100 percent secure and more likely to be a secuirty risk than using native.

People say to me all the time I am not in-control of the project.  That is not the matter you are in-control of your own machine.

This is the problem you turn CAP_NET_BIND_SERVICE on wine too many thing also get access to that permission.  Things you many not want having access to that permission.

Simple fact here mc2718 most web servers out there are on Linux or some other kind of Unix not windows.   At some point you have to learn how to configure and build site files for apache and how to install flash policy server on linux.

All the flash examples I know have instructions from adobe how to set them up on apache on Linux or Unix anyhow.

Remember apache site file native linux can make any directory a web site including a directory inside wine C drive as long as it is given the path to where it is and Linux secuirty module don't block it and it has permission.

Another issue about running on port 80 inside wine is if some day you forget and install apache or any other Linux web server from package management it will take over port 80 cutting the web server running in wine out.   Where the package management installed versions will warn you of possible problem if you try to install a different one from package management ie conflit.

Really stop trying to be lazy mc2718.   You are risking paying huge prices for it.

More information about the wine-users mailing list