Hi,
New wine user here. Installed Wine with IES4Linux and was totally amazed
at how well it worked and how simple it was! Excellent!
The problem I have is I want to restrict IE6 from being able to access my
entire Linux file system and just allow it to access (for instance)
~/.wine/drive_c.
I haven't found out how to do that yet. Is it possible?
More detail: In IE6 under Wine, File->Open->Browse... allows me to go
surfing my Linux file system. Meaning any viruses/malware that might
infest IE6, could access anything I can read on my Linux FS (pretty much
everything). I want to remove that possibility.
Thanks,
Randall
How to remove read access to / and my $HOME
-
Dan Kegel
How to remove read access to / and my $HOME
On Tue, Apr 15, 2008 at 8:33 PM, Randall Hopper <[email protected]> wrote:
make it a lot harder for malware to browse your system.
It's not foolproof, but give it a shot.
- Dan
Sort of. By deleting the ~/.wine/dosdrives/z: symlink, you'llThe problem I have is I want to restrict IE6 from being able to access my
entire Linux file system and just allow it to access (for instance)
~/.wine/drive_c.
make it a lot harder for malware to browse your system.
It's not foolproof, but give it a shot.
- Dan
-
Randall Hopper
How to remove read access to / and my $HOME
Dan Kegel:
|On Tue, Apr 15, 2008 at 8:33 PM, Randall Hopper <[email protected]> wrote:
|> The problem I have is I want to restrict IE6 from being able to access my
|> entire Linux file system and just allow it to access (for instance)
|> ~/.wine/drive_c.
|
|Sort of. By deleting the ~/.wine/dosdrives/z: symlink, you'll
|make it a lot harder for malware to browse your system.
|It's not foolproof, but give it a shot.
Thanks, but I'd already done that. Inside IE6, File->Open->Browse... still
lets me walk around inside of my entire Linux file system.
I guess the question is, how do I get rid of the "/" folder (my Linux file
system) which lives inside the top-level Desktop folder?:
Desktop
My Computer
My Documents
/
...
If I can't, is running Wine inside of a chroot practical?
Thanks,
Randall
~/.wine/dosdevices > ls -al
total 8
drwxr-xr-x 2 rhh users 4096 Apr 15 22:15 .
drwxr-xr-x 4 rhh users 4096 Apr 15 22:25 ..
lrwxrwxrwx 1 rhh users 10 Apr 15 21:55 c: -> ../drive_c
lrwxrwxrwx 1 rhh users 10 Apr 15 21:55 com1 -> /dev/ttyS0
lrwxrwxrwx 1 rhh users 10 Apr 15 21:55 com2 -> /dev/ttyS1
lrwxrwxrwx 1 rhh users 10 Apr 15 21:55 com3 -> /dev/ttyS2
lrwxrwxrwx 1 rhh users 10 Apr 15 21:55 com4 -> /dev/ttyS3
lrwxrwxrwx 1 rhh users 8 Apr 15 21:55 lpt1 -> /dev/lp0
lrwxrwxrwx 1 rhh users 9 Apr 15 22:14 x: -> /tmp/wine
|On Tue, Apr 15, 2008 at 8:33 PM, Randall Hopper <[email protected]> wrote:
|> The problem I have is I want to restrict IE6 from being able to access my
|> entire Linux file system and just allow it to access (for instance)
|> ~/.wine/drive_c.
|
|Sort of. By deleting the ~/.wine/dosdrives/z: symlink, you'll
|make it a lot harder for malware to browse your system.
|It's not foolproof, but give it a shot.
Thanks, but I'd already done that. Inside IE6, File->Open->Browse... still
lets me walk around inside of my entire Linux file system.
I guess the question is, how do I get rid of the "/" folder (my Linux file
system) which lives inside the top-level Desktop folder?:
Desktop
My Computer
My Documents
/
...
If I can't, is running Wine inside of a chroot practical?
Thanks,
Randall
~/.wine/dosdevices > ls -al
total 8
drwxr-xr-x 2 rhh users 4096 Apr 15 22:15 .
drwxr-xr-x 4 rhh users 4096 Apr 15 22:25 ..
lrwxrwxrwx 1 rhh users 10 Apr 15 21:55 c: -> ../drive_c
lrwxrwxrwx 1 rhh users 10 Apr 15 21:55 com1 -> /dev/ttyS0
lrwxrwxrwx 1 rhh users 10 Apr 15 21:55 com2 -> /dev/ttyS1
lrwxrwxrwx 1 rhh users 10 Apr 15 21:55 com3 -> /dev/ttyS2
lrwxrwxrwx 1 rhh users 10 Apr 15 21:55 com4 -> /dev/ttyS3
lrwxrwxrwx 1 rhh users 8 Apr 15 21:55 lpt1 -> /dev/lp0
lrwxrwxrwx 1 rhh users 9 Apr 15 22:14 x: -> /tmp/wine
-
Dan Kegel
How to remove read access to / and my $HOME
On Wed, Apr 16, 2008 at 3:00 PM, Randall Hopper <[email protected]> wrote:
http://www.winehq.org/?issue=281#UnixFS ... %20Desktop
and
http://source.winehq.org/source/dlls/sh ... xfs.c#L118
explain that you can disable that by deleting the registry key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\Namespace\{9D20AAE8-0625-44B0-9CA7-71889C2254D9}
Does that do it for you?
Ohhh. That. Yes.|Sort of. By deleting the ~/.wine/dosdrives/z: symlink, you'll
|make it a lot harder for malware to browse your system.
|It's not foolproof, but give it a shot.
Thanks, but I'd already done that. Inside IE6, File->Open->Browse... still
lets me walk around inside of my entire Linux file system.
I guess the question is, how do I get rid of the "/" folder (my Linux file
system) which lives inside the top-level Desktop folder?:
http://www.winehq.org/?issue=281#UnixFS ... %20Desktop
and
http://source.winehq.org/source/dlls/sh ... xfs.c#L118
explain that you can disable that by deleting the registry key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\Namespace\{9D20AAE8-0625-44B0-9CA7-71889C2254D9}
Does that do it for you?
Re: How to remove read access to / and my $HOME
That's be design. However you won't be able to open any files there. What you see is the shell name space only. You can test this yourself with Wine's notepad by trying to open a file outside ~/.wine/drive_c.Randall Hopper wrote:Thanks, but I'd already done that. Inside IE6, File->Open->Browse... still lets me walk around inside of my entire Linux file system.
Chroot is not an option - Wine depends on lots of things that won't work in chroot.
-
Randall Hopper
How to remove read access to / and my $HOME
Dan Kegel:
|> Thanks, but I'd already done that. Inside IE6,
|> File->Open->Browse... still lets me walk around inside of my entire
|> Linux file system.
|>
|> I guess the question is, how do I get rid of the "/" folder (my Linux file
|> system) which lives inside the top-level Desktop folder?:
|
|Ohhh. That. Yes.
|
|http://www.winehq.org/?issue=281#UnixFS ... %20Desktop
|and
|http://source.winehq.org/source/dlls/sh ... xfs.c#L118
|explain that you can disable that by deleting the registry key
|HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\Namespace\{9D20AAE8-0625-44B0-9CA7-71889C2254D9}
|
|Does that do it for you?
No, unfortunately not. I deleted the key using regedit, brought up IE6,
still saw the / under Desktop. Quit IE6, ran regedit, and verified that
the key was still deleted.
What am I missing? Probably a newbie thing I'm missing somehow.
Thanks,
Randall
|> Thanks, but I'd already done that. Inside IE6,
|> File->Open->Browse... still lets me walk around inside of my entire
|> Linux file system.
|>
|> I guess the question is, how do I get rid of the "/" folder (my Linux file
|> system) which lives inside the top-level Desktop folder?:
|
|Ohhh. That. Yes.
|
|http://www.winehq.org/?issue=281#UnixFS ... %20Desktop
|and
|http://source.winehq.org/source/dlls/sh ... xfs.c#L118
|explain that you can disable that by deleting the registry key
|HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\Namespace\{9D20AAE8-0625-44B0-9CA7-71889C2254D9}
|
|Does that do it for you?
No, unfortunately not. I deleted the key using regedit, brought up IE6,
still saw the / under Desktop. Quit IE6, ran regedit, and verified that
the key was still deleted.
What am I missing? Probably a newbie thing I'm missing somehow.
Thanks,
Randall
Re: How to remove read access to / and my $HOME
Did you checked which WINEPREFIX is it using?Randall Hopper wrote:No, unfortunately not. I deleted the key using regedit, brought up IE6,
-
Randall Hopper
How to remove read access to / and my $HOME
vitamin:
|Randall Hopper wrote:
|> No, unfortunately not. I deleted the key using regedit, brought up IE6,
|
|Did you checked which WINEPREFIX is it using?
Ah! That's it exactly. Didn't even know about WINEPREFIX or that you
could have two registries one one box, but with your hint discovered that
IES4LINUX is using a WINEPREFIX of ~/.ies4linux/ie6 instead of the default
~/.wine.
Now it's working. Thanks for the tip!
Feel much better with this setup as I don't trust IE security as far as I
can throw Steve Ballmer.
A firewalled sandbox is the only way to go.
Thanks again!
Randall
|Randall Hopper wrote:
|> No, unfortunately not. I deleted the key using regedit, brought up IE6,
|
|Did you checked which WINEPREFIX is it using?
Ah! That's it exactly. Didn't even know about WINEPREFIX or that you
could have two registries one one box, but with your hint discovered that
IES4LINUX is using a WINEPREFIX of ~/.ies4linux/ie6 instead of the default
~/.wine.
Now it's working. Thanks for the tip!
Feel much better with this setup as I don't trust IE security as far as I
can throw Steve Ballmer.
A firewalled sandbox is the only way to go.Thanks again!
Randall
-
Stefan Klein
How to remove read access to / and my $HOME
On Wed, 16 Apr 2008 19:28:48 -0500
Randall Hopper <[email protected]> wrote:
Something like .ies4linux or the like.
If so you have to set WINEPREFIX befor running regedit, and you have to check .ies4linux/dosdrives/ instead of .wine/dosdrives
--
Stefan
rm -rf # remote mail, real fast
Randall Hopper <[email protected]> wrote:
Doesn't ies4linux use an other WINEPREFIX?No, unfortunately not. I deleted the key using regedit, brought up IE6,
still saw the / under Desktop. Quit IE6, ran regedit, and verified that
the key was still deleted.
What am I missing? Probably a newbie thing I'm missing somehow.
Something like .ies4linux or the like.
If so you have to set WINEPREFIX befor running regedit, and you have to check .ies4linux/dosdrives/ instead of .wine/dosdrives
--
Stefan
rm -rf # remote mail, real fast
