https://bugs.winehq.org/show_bug.cgi?id=37355
--- Comment #28 from Richard Yao <ryao@gentoo.org> ---
(In reply to Richard Yao from comment #27)
> I could see someone writing a really tiny root daemon that allows a process to gain access to a file descriptor of a child’s address space in any case that ptrace allows access and having the wine server talk to it. It should be possible to do that in a secure manner.
Let me reword that, it should be:
I could see someone writing a really tiny root daemon that allows a process to gain access to a file descriptor of the address space of another process in any case that ptrace allows access and having the wine server talk to it. It should be possible to do that in a secure manner.
ptrace allows access to every process on the system if you have root, child or non-child. The same goes for processes owned by the same UNIX user if I recall correctly. It would be possible to add restrictions to such a daemon to lock it down, such as allowing only descendant processes and/or processes that are certain executables though. However, those restrictions should be enough to give Wine what it needs.
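
The lock-down mentioned in the comment above (descendants only, certain executables only), written as a default-deny authorization check. This is an added example, not part of the comment and not Wine code. Assumptions: the `proc_info` record, the `may_grant` name, the process table and the executable paths are constructed for illustration, the same-UID requirement is added here, and a real daemon would fill the table from `/proc` and take the requester's identity from `SO_PEERCRED` on its Unix socket.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical record; a real daemon would read these fields from /proc/<pid>/. */
struct proc_info { pid_t pid, ppid; uid_t uid; const char *exe; };

/* Constructed sample table, not real system data. */
static const struct proc_info sample_procs[] = {
    { 1,   0,   0,    "/sbin/init" },
    { 100, 1,   1000, "/usr/bin/wineserver" },      /* requester */
    { 101, 100, 1000, "/usr/bin/wine-preloader" },  /* child */
    { 102, 101, 1000, "/usr/bin/wine-preloader" },  /* grandchild */
    { 200, 1,   1000, "/usr/bin/firefox" },         /* same user, unrelated */
    { 300, 100, 0,    "/usr/bin/wine-preloader" },  /* child, different uid */
};
#define NPROCS (sizeof sample_procs / sizeof sample_procs[0])

/* Assumed allowlist of target executables. */
static const char *const allowed_exes[] = { "/usr/bin/wine-preloader" };

static const struct proc_info *lookup(const struct proc_info *t, size_t n, pid_t pid)
{
    for (size_t i = 0; i < n; i++)
        if (t[i].pid == pid) return &t[i];
    return NULL;
}

/* Strict descendant test; the hop bound stops a ppid cycle from looping forever. */
static bool is_descendant(const struct proc_info *t, size_t n, pid_t target, pid_t ancestor)
{
    const struct proc_info *p = lookup(t, n, target);
    for (size_t hops = 0; p && hops < n; hops++) {
        if (p->ppid == ancestor) return true;
        p = lookup(t, n, p->ppid);
    }
    return false;
}

/* Default deny: known target, same uid, descendant of requester, allowlisted exe. */
bool may_grant(const struct proc_info *t, size_t n, pid_t requester, uid_t requester_uid, pid_t target)
{
    const struct proc_info *tp = lookup(t, n, target);
    if (!tp || tp->uid != requester_uid) return false;
    if (!is_descendant(t, n, target, requester)) return false;
    for (size_t i = 0; i < sizeof allowed_exes / sizeof *allowed_exes; i++)
        if (strcmp(tp->exe, allowed_exes[i]) == 0) return true;
    return false;
}
```

PIDs can be reused between this check and the moment the daemon opens the target, so a real implementation would pin the target first (for example with a pidfd) and re-check against the pinned process.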