Wine and security, keeping viruses contained

JerryQuest · Post by **JerryQuest** » Sat May 03, 2008 3:18 am

Hello everybody, I think Wine is a great project. I am still new to linux (running Ubuntu, for that matter) but I have started to delve into rights management and security, so I have a question concerning the setup of Wine: Is it really advisable to link so many of may Linux home folders to the simulated Windows environment? If a windows virus deploys within the simulation and tries to delete *.doc files, for example - a lot of such viruses exist - then it could do so within my home directory on the Linux side, correct?
So I tried to delete all the preconfigured links between Wine/windows-directories and my "home" directory. the relevant lines are just blank now (I use winecfg from my ubuntu/gnome applications menu).
However, when I tried a windows program (old game Jedi Knight 2, btw), it asked whether it should create a link on my desktop. Which I told it to do, believing that the link would end up within home/.wine/drive_c/windows/profiles/... /desktop
Which it did, but it also showed up on my linux desktop (home/.../desktop). So the link is still between windows desktop and linu desktop is still working, right? And what about the other links to my home directories, are they working too?

How can I switch this off, and should I do it? Is this dangerous or not?

vitamin · Post by **vitamin** » Sat May 03, 2008 11:34 am

JerryQuest wrote:Hello everybody, I think Wine is a great project. I am still new to linux (running Ubuntu, for that matter) but I have started to delve into rights management and security, so I have a question concerning the setup of Wine: Is it really advisable to link so many of may Linux home folders to the simulated Windows environment? If a windows virus deploys within the simulation and tries to delete *.doc files, for example - a lot of such viruses exist - then it could do so within my home directory on the Linux side, correct?

Yes. Anything your user can do Wine can so does any program running on Wine.

JerryQuest wrote:How can I switch this off, and should I do it? Is this dangerous or not?

You can do that in winecfg by un-checking "link" check-box. And removing mapping for the Z: drive. However this will not stop Wine from accessing the entire disk - everything your user can.

JerryQuest · Post by **JerryQuest** » Sun May 04, 2008 2:05 am

Ok, I understand that Wine itself will still be running with my user rights. But I want to stop the simulated Windows from accessing my personal folders, except the home/user/.wine of course.
I un-checked the check boxes, but why can Windows still place a link to a Windows program on my Linux desktop?

Post by **dimesio** » Sun May 04, 2008 8:05 am

JerryQuest wrote: I un-checked the check boxes, but why can Windows still place a link to a Windows program on my Linux desktop?

Because you can.

The only way I can think of to get the level of security you want would be to create a separate user account solely for running Wine. That account would have access to everything in its own home folder, but not your regular one.

vitamin · Post by **vitamin** » Sun May 04, 2008 1:03 pm

JerryQuest wrote:I un-checked the check boxes, but why can Windows still place a link to a Windows program on my Linux desktop?

Windows can't - Wine can. I've already told you. Besides Wine can't do nothing if application makes system calls directly bypassing Wine.

The false sense of security is worse then no security.

austin987 · Post by **austin987** » Sun May 04, 2008 1:39 pm

On Sun, May 4, 2008 at 1:03 PM, vitamin <[email protected]> wrote:

[quote="JI un-checked the check boxes, but why can Windows still place a link to a Windows program on my Linux desktop?

Windows can't - Wine can. I've already told you. Besides Wine can't do nothing if application makes system calls directly bypassing Wine.

The false sense of security is worse then no security.

[/quote]
It runs with your user rights, you'd need something like Apparmor or
SELinux to accomplish that.

Ove Kaaven · Post by **Ove Kaaven** » Sun May 04, 2008 2:59 pm

JerryQuest skrev:

Ok, I understand that Wine itself will still be running with my user rights. But I want to stop the simulated Windows from accessing my personal folders, except the home/user/.wine of course.
I un-checked the check boxes, but why can Windows still place a link to a Windows program on my Linux desktop?

Windows can not. Do you really think your Windows applications knows
enough about Linux and its desktop standards to directly put a link on
your Linux desktop themselves? No, that's Wine's doing, placing a
converted link on your Linux desktop for your convenience.

JerryQuest · Post by **JerryQuest** » Sun May 04, 2008 3:59 pm

Exactly what I mean. Wine should not enable the simulated Windows to access my Linux desktop if the respective check-box is NOT activated. This is either a bug or wrong design. Because Windows by itself only tries to access the Windows desktop.
The problem is with Wine transferring this access to the LInux desktop altough it has been explicitely told NOT to. I repeat again: the check-box is unchecked, there should be NO linking of the directories. This is not about user rights, it is about a Wine function gone wild.
Of course, maybe I dont get it right: What does Wine actually do? Does it automatically translate all Windows acess to the Windows desktop to my home/desktop folder? That would be a problem...
Or does it just duplicate all links (*.lnk etc.)? That would be a convenience function and not dangerous, of course.

Ove Kaaven · Post by **Ove Kaaven** » Sun May 04, 2008 4:14 pm

JerryQuest skrev:

Exactly what I mean. Wine should not enable the simulated Windows to access my Linux desktop if the respective check-box is NOT activated. This is either a bug or wrong design.

Was that a reply to my comment? If so, what ARE you talking about? I
just stated that Windows DID NOT access your Linux desktop. It was
Wine's doing, spawning a Unix shell script to create a link on your
desktop, for your convenience (or agitation, as it were).

That said, Wine isn't a sandbox, you can't really stop malicious
software from doing anything your user can do, if that software really
wants to break out of the simulated Windows environment.

JerryQuest · Post by **JerryQuest** » Sun May 04, 2008 4:30 pm

Just a script for creating a nice icon? Thanks! Thats ok of course. Would be pleasing instead of frightening if somebody would care to write it down somewhere in the documentation. Very good to know.

roderick · Post by **roderick** » Sun May 04, 2008 5:14 pm

I think the original issue is that the user is confusing the regular .desktop file with a windows shortcut - these are two completely different things.

Wine with use native linux tools to generate a desktop file, which looks similar to the windows sortcut, but it is most certainly not the windows shortcut.

This should not be a concern, as the generated desktop file is just a regular .desktop used by your linux system and has an exec line with wine and the windows program - that's all. It's not windows accessing your desktop

Cheers.

austin987 · Post by **austin987** » Sun May 04, 2008 5:18 pm

On Sun, May 4, 2008 at 5:14 PM, roderick <[email protected]> wrote:

I think the original issue is that the user is confusing the regular .desktop file with a windows shortcut - these are two completely different things.

Wine with use native linux tools to generate a desktop file, which looks similar to the windows sortcut, but it is most certainly not the windows shortcut.

This should not be a concern, as the generated desktop file is just a regular .desktop used by your linux system and has an exec line with wine and the windows program - that's all. It's not windows accessing your desktop

Cheers.

True, but wine apps can still access outside files, within the
permissions of the user account it is run as.

JerryQuest · Post by **JerryQuest** » Sun May 04, 2008 5:31 pm

I'll keep this in mind, but basically I am quite happy now - no Windows on my desktop