Wine ICMP Setcap

[Hacksaurus_Babu]

Hey I have this problem that was only slightly addressed in the wine fix guide. I am trying to run SFD using dotnet45, xna40, and directx9 (d3dx9)...

The game itself gives no error, but cannot enter any games because what I think is this:

Code: Select all

enter cerr:winediag:IcmpCreateFile Failed to use ICMP (network ping), this requires special permissions.

This was addressed here:
https://wiki.winehq.org/FAQ#Failed_to_u ... ermissions

But the command that I used gave me this error:
The command:

Code: Select all

sudo setcap cap_net_raw+epi /usr/bin/wine-preloader

Code: Select all

Failed to set capabilities on file `/usr/bin/wine-preloader' (Invalid argument)
The value of the capability argument is not permitted for a file. 
Or the file is not a regular (non-symlink) file

Thanks for anybody who can help!

(Link to Game)
https://mythologicinteractive.com/SuperfightersDeluxe
(Sample of Error...)
https://i.stack.imgur.com/QuYZo.png

[Bob Wya]

The setcap command works on my System:

Code: Select all

sudo setcap cap_net_raw+epi /usr/bin/wine-preloader

The package version I have installed.

Code: Select all

emerge -pv =sys-libs/libcap-2.25

[ebuild   R   ~] sys-libs/libcap-2.25::gentoo  USE="pam -static-libs" ABI_X86="32 (64) (-x32)" 63 KiB

What distribution are you running?

Bob

[Hacksaurus_Babu]

I am running Ubuntu 16.04, and for me I have libcap-2.24... This is what dpkg printed:
/lib/x86_64-linux-gnu/libcap.so.2.24
I don't know setcap SHOULD be a non-symlink file...

EDIT:
So I know that you SHOULD'T REALLY RUN WINE AS ROOT, but I was able to get rid of that ICMP error, but is still not working... The error that pops up is stuff about winsock?...

[Bob Wya]

I am running Ubuntu 16.04 ...

I'd ask on the Ubuntu forums or Ask Ubuntu - whether Ubuntu has additional AppArmour (??) restrictions set - that might affect the functioning of the setcap command.

That's a Linux System issue - not a Wine issue...

Bob

[Hacksaurus_Babu]

I actually tried... But nobody... actually replied.... Wait I do have 2 questions!
1. So is wine vulnerable to Metasploit (Or any XP attack) XP attacks?... If not, then is the only truly way to get hacked is by downloading malicious files?
2. So maybe I want to be secure, and instead when I do get hacked via wine the hacker can only access the wine folders, by unlinking the symbolic links, if there is one?

[dimesio]

https://wiki.winehq.org/FAQ#Is_Wine_mal ... patible.3F

[Hacksaurus_Babu]

So I'm not sure about the symbolic link answer... How exactly do I make sure that wine does not link anything to my normal system... And truly is the only way to hack is malicious exes?... Because I only install games and that's it...

[dimesio]

Removing the z: symlink will prevent apps in Wine from opening files or writing to any directories outside the fake c: drive. It will not stop them from seeing those directories, and it will not stop malware that is Wine-aware from doing anything. Security needs to handled by the OS, not Wine.

[Hacksaurus_Babu]

OK so a long as I make sure what a program does, I should be fine... Correct?

[sixsigma]

I have the example issue with IQFeed's windows exe. Failed to set capabilities on file `/usr/bin/wine-preloader' (Invalid argument)
The value of the capability argument is not permitted for a file. Or the file is not a regular (non-symlink) file.

My linux OS is:

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.2 LTS"

[Bob Wya]

...

If you are using the WineHQ Ubuntu packages then you actually want to set permissions on the (out-of-tree) wine-preloader file:

Code: Select all

sudo setcap cap_net_raw+epi "$(readlink -f "/usr/bin/wine-preloader")"

(winehq-devel or winehq-staging packages)

As you've already found out - you can't set file capabilities for a symbolic link. So you have to alter the symbolic link target.

Bob

[Hacksaurus_Babu]

This thread is kinda old now... And I anyways solved my problem by instead using normal wine, and also using the latest wine version (the dev version).... But that you anyways Bob!

[Bob Wya]

This thread is kinda old now...

@sixsigma



Bob

[Hacksaurus_Babu]

Off-topic: 3 Kittens have died... Oh no!

[sixsigma]

After the command,

Code: Select all

sudo setcap cap_net_raw+epi "$(readlink -f "/usr/bin/wine-preloader")"

I got a new error when launching the iqfeed application.

/opt/wine-stable/bin/wine: error while loading shared libraries: libwine.so.1: cannot open shared object file: No such file or directory

I didn't have this problem previously. I believe removing the cap setting on the linked target file fixed this libwine.so.1 issue.

[Hacksaurus_Babu]

sixsigma, What wine version are you using? I am using the very latest versio, and I never get problems like those anymore...

[Bob Wya]

After the command,

Code: Select all

sudo setcap cap_net_raw+epi "$(readlink -f "/usr/bin/wine-preloader")"

I got a new error when launching the iqfeed application.

/opt/wine-stable/bin/wine: error while loading shared libraries: libwine.so.1: cannot open shared object file: No such file or directory

I didn't have this problem previously. I believe removing the cap setting on the linked target file fixed this libwine.so.1 issue.

• What commands are you using to start your application?
• Include what PWD you are using as well!
• 32-bit or 64-bit WINEPREFIX? See WineHQ FAQ: 6.5 Wineprefixes
• Have you tried using the full (out-of-tree) path to Wine, when running Wine commands e.g.:

  Code: Select all

  /opt/wine-stable/bin/wine ...

  or adding this, out-of-tree tree directory, to the front of your users PATH variable:

  Code: Select all

  echo 'PATH="/opt/wine-stable/bin:${PATH}"' >> ~/.bashrc

Ta
Bob