http://bugs.winehq.org/show_bug.cgi?id=59767

Zeb Figura <z.figura12@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |z.figura12@gmail.com

--- Comment #9 from Zeb Figura <z.figura12@gmail.com> ---
(In reply to Aaron Rainbolt from comment #6)
> That depends on the kind of code though. If a user downloads a Word document with a sandboxed Firefox, then clicks the "Open" button in the browser to open it, the user would naturally expect that a) the file should open, and b) opening the file won't run arbitrary code within the file.
I don't see how that has anything to do with sandboxing, though? The system isn't designed with any way to know whether something is trustworthy or not, so something like LibreOffice can't make that decision based on the presence of a sandbox; it has to decide to not do anything dangerous for *any* files, ever.

Generally, then, an application has to decide whether it is going to act as a security boundary, or whether it's going to put all the burden of trust on the user. LibreOffice can act as a security boundary relatively easily (as I understand). Firefox has a harder time, but chose to do it anyway. Wine has *always* decided not to, mostly because it has an extremely hard time doing so. Once you're letting code run natively on the processor, it is very hard to prevent it from escaping, and attempts to do so very frequently come with a performance cost, not to mention a development cost.

Wine's behaviour may contradict XDG guidelines, but there's no way to follow them while still being useful. As far as I can tell, the implicit assertion behind the guidelines is "users shouldn't have to vet the files they're opening", which is incompatible with Wine's security model.

It would make more sense to argue that Wine should be a sandbox. I don't expect that argument to be well-received, though, and you should be prepared to be able to put up all of the work that would be necessary, since nobody else is likely to, whether volunteer or sponsored.

Also, how exactly does Flatpak deal with ELF binaries? They're in essentially the same category.

-- 
Do not reply to this email, post in Bugzilla using the above URL to reply.
You are receiving this mail because:
You are watching all bug changes.