[Wine] Re: creating built-in firewall for Wine

Boriso wineforum-user at winehq.org
Tue Apr 5 01:30:52 CDT 2011


vitamin wrote:
> 
> Boriso wrote:
> > I want to have firewall/monitor in wine. Configuring Linux firewall is an external solution that affects all programs etc.
> 
> Wine can't have any firewalls. It's a 100% user space program without any abilities to sandbox: http://wiki.winehq.org/FAQ#head-f566a12c806a1eacaeefb7cb6419a513a773c571
> 
> Even if modified Wine will have such a "firewall" nothing can prevent windows program from directly calling system for unrestricted network access.


According to the Wine architecture here http://www.winehq.org/site/docs/winedev-guide/x2591 "Wine must at least completely replace the "Big Three" DLLs (KERNEL/KERNEL32, GDI/GDI32, and USER/USER32), which all other DLLs are layered on top of. But since Wine is (for various reasons) leaning towards the NT way of implementing things, the NTDLL is another core DLL to be implemented in Wine, and many KERNEL32 and ADVAPI32 features will be implemented through the NTDLL."

Moreover there are some Wine dlls that could replace Windows ones. I think that ws2_32 is one of them. So running (under Wine) program would ask ws2_32.dll.so for network activities and could be filtered somehow. 

I heard that "Wine Is Not an Emulator", but emulator of what? It is not emulating processor or something like this, but it substitutes PE loader, important dlls and so on.
Without dlls Windows program couldn't live and Wine is able to substitute any dll functions. Am I right?







More information about the wine-users mailing list