[Wine] Gatecrasher infecting wine?

Yuriy Kaminskiy yumkam at mail.ru
Tue Feb 9 11:05:50 CST 2010


On 09.02.2010 13:31, josebelda wrote:
> Thank you very much for your reply.

Note that unless the worm/virus/trojan specifically targets wine, removing ~/.wine
would be enough; reformatting the whole system is not necessary.

Running wine as a separate user (that cannot easily obtain root via sudo [like
the usual "desktop user/admin"], does not have access to private user data
[~/.mozilla/*/*/{signons,cookies}* and the like], and, maybe, has limited network
access [with something like
   iptables -N winejail
   iptables -A winejail -j REJECT
   iptables -A OUTPUT ! -o lo -m owner --uid-owner wineuser -j winejail
plus some rules to specifically allow network on some ports/addresses:
   iptables -I winejail -p tcp --dport 80 -j ACCEPT
   iptables -I winejail -p tcp -d ${dns_server} --dport 53 -j ACCEPT
   iptables -I winejail -p udp -d ${dns_server} --dport 53 -j ACCEPT
]) would also help limit damage from such an incident, even with wine-aware viruses.

BTW, does anyone know if wine-aware malware (that is able to use int $0x80 to
bypass the ~/.wine/dosdevices jail, etc.) already exists in the wild, or is it still
only a theoretical threat? :-)

PS: And I don't know where the topic starter got the idea that port 6969 is used only by
malware - as a quick lookup at google:// shows, this port is frequently used by
torrent trackers.
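
Added example, not part of the original message: a check that reads `iptables -S` output and confirms the winejail rules above really confine the wine account. The function name, uid 1001 and DNS address 192.0.2.53 are assumptions made for the example; the sample ruleset is constructed.

```shell
#!/bin/sh
# Added example (not from the original message): audit `iptables -S` output
# and confirm the winejail chain fails closed for one uid.
# Assumptions: function names, uid 1001 and DNS 192.0.2.53 are constructed.
# `iptables -S` shows the owner as a numeric uid, so pass `id -u wineuser`.

# check_winejail UID  < output of `iptables -S`
# Returns 0 only if OUTPUT sends UID's traffic to winejail and the first
# unconditional rule in winejail is REJECT or DROP.
check_winejail() {
    awk -v uid="$1" '
        $1 == "-A" && $2 == "OUTPUT" && $(NF-1) == "-j" && $NF == "winejail" {
            for (i = 3; i < NF - 1; i++)
                if ($i == "--uid-owner" && $(i+1) == uid && $(i-1) != "!")
                    jump = 1
        }
        $1 == "-A" && $2 == "winejail" {
            if ($3 == "-j") {            # no match options: catches everything
                if (verdict == "") verdict = $4
            } else if (verdict == "")    # exception reachable before the catch-all
                printf "exception: %s\n", $0
        }
        END {
            if (!jump) print "FAIL: no OUTPUT rule sends uid " uid " to winejail"
            closed = (verdict == "REJECT" || verdict == "DROP")
            if (!closed) print "FAIL: first unconditional winejail rule is not REJECT/DROP"
            exit (jump && closed) ? 0 : 1
        }'
}

# Constructed sample in `iptables -S` format, matching the rules in the message.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N winejail
-A OUTPUT ! -o lo -m owner --uid-owner 1001 -j winejail
-A winejail -d 192.0.2.53/32 -p udp -m udp --dport 53 -j ACCEPT
-A winejail -d 192.0.2.53/32 -p tcp -m tcp --dport 53 -j ACCEPT
-A winejail -p tcp -m tcp --dport 80 -j ACCEPT
-A winejail -j REJECT --reject-with icmp-port-unreachable
EOF
}

sample_rules | check_winejail 1001 && echo "winejail confines uid 1001"
```

On a live system the input would come from `iptables -S` run as root; the check covers IPv4 rules only, so IPv6 needs the same review against `ip6tables -S`.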




More information about the wine-users mailing list