[Wine] how to disable root / filesystem access
jjmckenzie51 at earthlink.net
Sat Jan 23 20:15:56 CST 2010
> vitamin wrote:
>> jeffz wrote:
>>> It never sandboxed anything, even if you removed Z:
>> It does. Only it's not 100% foolproof. Wine does not use virtualization which is required to completely sandbox windows apps.
> "sandbox" implies intentional security, is what I meant.
Wine is NOT intentionally secure. It can and will do EVERYTHING that
the calling user can do in the base operating system. This has been a
long subject of discussion on wine-devel in relationship to running
viruses and other malware. If you need that level of security, you
really need to invest in:
1. A machine that you can completely destroy (and I mean destroy as in
it will be junk when you get done.)
2. A virtualization system that will 'sandbox' off what you are doing
from the rest of the system.
Wine is not and cannot be either of these.
More information about the wine-users