[Bug 24550] New: Option to run Windows programs as a separate user.
http://bugs.winehq.org/show_bug.cgi?id=24550 Summary: Option to run Windows programs as a separate user. Product: Wine Version: 1.3.3 Platform: All OS/Version: Linux Status: UNCONFIRMED Severity: enhancement Priority: P2 Component: -unknown AssignedTo: wine-bugs(a)winehq.org ReportedBy: de.techno(a)gmail.com For security purposes, and atleast on Linux, wine should have an option to run a program as a different user as defined in it's config. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24550 Andrew Millington <andrew.millington(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |andrew.millington(a)gmail.com --- Comment #1 from Andrew Millington <andrew.millington(a)gmail.com> 2010-09-28 07:58:25 CDT --- Windows, Linux and Mac programs what is the difference and running wine as a different user is a bit beyond the scope of wine and you should consider native protection instead. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24550 Dan Kegel <dank(a)kegel.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dank(a)kegel.com --- Comment #2 from Dan Kegel <dank(a)kegel.com> 2010-09-28 08:16:36 CDT --- Codeweavers supports this, see http://media.codeweavers.com/pub/crossover/case_studies/WineAndSecurity.pdf If you don't want to roll your own jail, give theirs a try. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24550 --- Comment #3 from Andrew Millington <andrew.millington(a)gmail.com> 2010-09-28 09:29:08 CDT --- So this option would making native protection easy to use or is it a wine specific protection. My personal opinion is that all that wine needs is just hardening. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24550 --- Comment #4 from Dan Kegel <dank(a)kegel.com> 2010-09-28 09:48:14 CDT --- It uses native protections. That's the only way to go, since there is no way in wine to protect against malware issuing linux system calls directly. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24550 --- Comment #5 from Andrew Millington <andrew.millington(a)gmail.com> 2010-09-28 10:31:42 CDT --- What is the cost if this was a default instead of an option? -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24550 --- Comment #6 from Dan Kegel <dank(a)kegel.com> 2010-09-28 10:35:58 CDT --- Making wine secure is not an easy job, and it would probably make wine harder to use. Bugzilla is not really the appropriate place for this discussion, wine-devel might be better. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24550 --- Comment #7 from Dan Kegel <dank(a)kegel.com> 2010-09-29 10:35:06 CDT --- This and related topics are discussed in http://wiki.winehq.org/SecuringWine -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24550 --- Comment #8 from dE <de.techno(a)gmail.com> 2010-09-30 09:14:21 CDT --- (In reply to comment #2)
Codeweavers supports this, see http://media.codeweavers.com/pub/crossover/case_studies/WineAndSecurity.pdf If you don't want to roll your own jail, give theirs a try.
Then I think we should close the bug. Anyway, a simple program to delete all files, will do damage if run as normal user. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24550 --- Comment #9 from dE <de.techno(a)gmail.com> 2010-09-30 09:17:34 CDT --- A simple effective solution will be to edit the default commands in the DE to do an su <user> -c 'wine' In terminal, we can set aliases, like wine means su <user> -c wine -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24550 Austin English <austinenglish(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Platform|All |Other --- Comment #10 from Austin English <austinenglish(a)gmail.com> 2012-02-23 15:26:55 CST --- Removing deprecated 'All' Platform. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=24550 Austin English <austinenglish(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download, integration --- Comment #11 from Austin English <austinenglish(a)gmail.com> --- (In reply to dE from comment #9)
A simple effective solution will be to edit the default commands in the DE to do an su <user> -c 'wine'
Wine doesn't control that, the DE does. In any case, still present. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=24550 dE <de.techno(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution|--- |WONTFIX --- Comment #12 from dE <de.techno(a)gmail.com> --- Out of scope of WINE. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=24550 Austin English <austinenglish(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #13 from Austin English <austinenglish(a)gmail.com> --- Closing. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
participants (1)
-
wine-bugs@winehq.org