http://bugs.winehq.org/show_bug.cgi?id=25537
Andrew Nguyen arethusa26@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|wineserver                  |-unknown
           Severity|critical                    |normal
--- Comment #1 from Andrew Nguyen arethusa26@gmail.com 2010-12-16 15:00:01 CST ---
(In reply to comment #0)
> Probably since 1.3.8 or 1.3.9 any Windows application can open (read/write/list/erase) any files in / (root) regardless of user-defined disk devices (under ~/.wine/dosdevices).

I can't reproduce this behavior for normal Win32 file accesses with a clean Wine prefix after running winetricks sandbox, which removes the z: symlink and a few others.

> It's a huge security issue, because in the past you could erase the z: -> / symbolic link and safely run any software (including malware).

Removing the z: symlink provides only illusory security benefits, as http://wiki.winehq.org/FAQ#head-3cb8f054b33a63be30f98a1b6225d74e305a0459 discusses.

> This security measure has been removed without any explanation of how to harden your Wine PREFIX.