[Bug 52230] New: Container programs can access Linux files
https://bugs.winehq.org/show_bug.cgi?id=52230 Bug ID: 52230 Summary: Container programs can access Linux files Product: Wine Version: 6.23 Hardware: x86-64 OS: Linux Status: UNCONFIRMED Severity: major Priority: P2 Component: -unknown Assignee: wine-bugs(a)winehq.org Reporter: mahg361(a)gmail.com Distribution: --- Created attachment 71326 --> https://bugs.winehq.org/attachment.cgi?id=71326 Screenshot Windows programs can access files outside container -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=52230 Nikolay Sivov <bunglehead(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|major |normal --- Comment #1 from Nikolay Sivov <bunglehead(a)gmail.com> --- Wine does not provide container functionality. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=52230 mahg361(a)gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Container programs can |Windows programs can access |access Linux files |Linux files -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=52230 --- Comment #2 from mahg361(a)gmail.com --- Thanks By container I mean wine -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=52230 mahg361(a)gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- Version|6.23 |7.0-rc1 -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=52230 --- Comment #3 from Henri Verbeet <hverbeet(a)gmail.com> --- (In reply to mahg361 from comment #2)
Thanks By container I mean wine
Yes, but this is intentional. Most of the time we want Windows applications to be able to interact with the rest of the Linux system. Wine itself makes no attempt to limit this. If restricting this ability is desired, tools like AppArmor, seccomp filters, SELinux, or perhaps simply running Wine inside a virtual machine like QEMU, would be better suited. There exist tools built on top of those, like e.g. Firejail that should work with Wine. I hope that helps. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=52230 --- Comment #4 from destroyed nerd <mahg361(a)gmail.com> --- First thank you for guidance, it is helpful 1- If you mean access to documents folder for program like Photoshot, Office then limit access to documents, Photos folders, access to e.g. Firefox passwords folder is unnecessary 2- If you mean Windows programs that make system level changes, how accessing Linux file directly can help such program? These program would do it through c:/windows libraries -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=52230 Fabian Maurer <dark.shadow4(a)web.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED CC| |dark.shadow4(a)web.de Resolution|--- |INVALID --- Comment #5 from Fabian Maurer <dark.shadow4(a)web.de> --- As already said, programs running under Wine can access everything your user can access. This is intentional, there is no bug here. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=52230 Zebediah Figura <z.figura12(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |z.figura12(a)gmail.com Status|RESOLVED |CLOSED --- Comment #6 from Zebediah Figura <z.figura12(a)gmail.com> --- (In reply to destroyed nerd from comment #4)
First thank you for guidance, it is helpful
1- If you mean access to documents folder for program like Photoshot, Office then limit access to documents, Photos folders, access to e.g. Firefox passwords folder is unnecessary
There's no meaningful difference between these a priori. That is, Wine has no idea what files you want to be visible and which you don't. Hence that's the kind of thing you should solve yourself, using existing Unix permissions tools. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
participants (1)
-
WineHQ Bugzilla