Re : How to remove read access to / and my $HOME

[Sylvain Petreolle]

De : Dan Kegel <[email protected]>
À : Randall Hopper <[email protected]>
Cc : [email protected]
Envoyé le : Jeudi, 17 Avril 2008, 0h14mn 03s
Objet : Re: [Wine] How to remove read access to / and my $HOME

On Wed, Apr 16, 2008 at 3:00 PM, Randall Hopper wrote:

|Sort of. By deleting the ~/.wine/dosdrives/z: symlink, you'll
|make it a lot harder for malware to browse your system.
|It's not foolproof, but give it a shot.

Thanks, but I'd already done that. Inside IE6, File->Open->Browse... still
lets me walk around inside of my entire Linux file system.

I guess the question is, how do I get rid of the "/" folder (my Linux file
system) which lives inside the top-level Desktop folder?:

Ohhh. That. Yes.

http://www.winehq.org/?issue=281#UnixFS ... %20Desktop
and
http://source.winehq.org/source/dlls/sh ... xfs.c#L118
explain that you can disable that by deleting the registry key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\Namespace\{9D20AAE8-0625-44B0-9CA7-71889C2254D9}

Does that do it for you?

Hmm.
It means that a program looking specifically for that would be able to reenable it at any moment.
1° Detect Wine,
2° Reenable unixfs unconditionally,
3° Do weird things with lots of unix files (especially if the user runs it as root)

[Ove Kaaven]

Sylvain Petreolle skrev:

Hmm.
It means that a program looking specifically for that would be able to reenable it at any moment.
1° Detect Wine,
2° Reenable unixfs unconditionally,
3° Do weird things with lots of unix files (especially if the user runs it as root)

Why does that worry you? For anything Wine-aware, there's a far simpler
way to get unlimited access to your Unix files.

1) Detect Wine
2) Do direct Linux syscalls
3) Profit

Wine isn't a sandbox. There's no way you can prevent malicious software
from accessing $HOME under Wine.

Perhaps in the future it might be possible, if someone wrote some
security module for Linux that only allowed syscalls from Wine builtin
dlls and not PE native dlls or something, protected the dlls from being
modified, and people otherwise tried to make Wine more secure. But for
the time being, there's no shortage of attack vectors against Wine.

(And yeah, definitely never run Wine as root.)

[Tom Evans]

On Sun, 2008-04-20 at 15:40 +0200, Ove Kaaven wrote:

Sylvain Petreolle skrev:

Hmm.
It means that a program looking specifically for that would be able to reenable it at any moment.
1° Detect Wine,
2° Reenable unixfs unconditionally,
3° Do weird things with lots of unix files (especially if the user runs it as root)

Why does that worry you? For anything Wine-aware, there's a far simpler
way to get unlimited access to your Unix files.

1) Detect Wine
2) Do direct Linux syscalls
3) Profit

Wine isn't a sandbox. There's no way you can prevent malicious software
from accessing $HOME under Wine.

Perhaps in the future it might be possible, if someone wrote some
security module for Linux that only allowed syscalls from Wine builtin
dlls and not PE native dlls or something, protected the dlls from being
modified, and people otherwise tried to make Wine more secure. But for
the time being, there's no shortage of attack vectors against Wine.

(And yeah, definitely never run Wine as root.)

If you are feeling particularly paranoid, you could run FreeBSD instead
of (I assume) Linux, run X in its own jail, run your Wine apps in their
own jail (fiddling DISPLAY and granting access to the X server).

IMHO this is vastly more effort than the potential benefit. You could
probably get as much security as you wish by chroot(8)'ing wine.

Tom


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: This is a digitally signed message part
Url : http://www.winehq.org/pipermail/wine-us ... chment.pgp