http://bugs.winehq.org/show_bug.cgi?id=24550
Summary: Option to run Windows programs as a separate user. Product: Wine Version: 1.3.3 Platform: All OS/Version: Linux Status: UNCONFIRMED Severity: enhancement Priority: P2 Component: -unknown AssignedTo: wine-bugs@winehq.org ReportedBy: de.techno@gmail.com
For security purposes, and atleast on Linux, wine should have an option to run a program as a different user as defined in it's config.
http://bugs.winehq.org/show_bug.cgi?id=24550
Andrew Millington andrew.millington@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |andrew.millington@gmail.com
--- Comment #1 from Andrew Millington andrew.millington@gmail.com 2010-09-28 07:58:25 CDT --- Windows, Linux and Mac programs what is the difference and running wine as a different user is a bit beyond the scope of wine and you should consider native protection instead.
http://bugs.winehq.org/show_bug.cgi?id=24550
Dan Kegel dank@kegel.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |dank@kegel.com
--- Comment #2 from Dan Kegel dank@kegel.com 2010-09-28 08:16:36 CDT --- Codeweavers supports this, see http://media.codeweavers.com/pub/crossover/case_studies/WineAndSecurity.pdf If you don't want to roll your own jail, give theirs a try.
http://bugs.winehq.org/show_bug.cgi?id=24550
--- Comment #3 from Andrew Millington andrew.millington@gmail.com 2010-09-28 09:29:08 CDT --- So this option would making native protection easy to use or is it a wine specific protection. My personal opinion is that all that wine needs is just hardening.
http://bugs.winehq.org/show_bug.cgi?id=24550
--- Comment #4 from Dan Kegel dank@kegel.com 2010-09-28 09:48:14 CDT --- It uses native protections. That's the only way to go, since there is no way in wine to protect against malware issuing linux system calls directly.
http://bugs.winehq.org/show_bug.cgi?id=24550
--- Comment #5 from Andrew Millington andrew.millington@gmail.com 2010-09-28 10:31:42 CDT --- What is the cost if this was a default instead of an option?
http://bugs.winehq.org/show_bug.cgi?id=24550
--- Comment #6 from Dan Kegel dank@kegel.com 2010-09-28 10:35:58 CDT --- Making wine secure is not an easy job, and it would probably make wine harder to use. Bugzilla is not really the appropriate place for this discussion, wine-devel might be better.
http://bugs.winehq.org/show_bug.cgi?id=24550
--- Comment #7 from Dan Kegel dank@kegel.com 2010-09-29 10:35:06 CDT --- This and related topics are discussed in http://wiki.winehq.org/SecuringWine
http://bugs.winehq.org/show_bug.cgi?id=24550
--- Comment #8 from dE de.techno@gmail.com 2010-09-30 09:14:21 CDT --- (In reply to comment #2)
Codeweavers supports this, see http://media.codeweavers.com/pub/crossover/case_studies/WineAndSecurity.pdf If you don't want to roll your own jail, give theirs a try.
Then I think we should close the bug.
Anyway, a simple program to delete all files, will do damage if run as normal user.
http://bugs.winehq.org/show_bug.cgi?id=24550
--- Comment #9 from dE de.techno@gmail.com 2010-09-30 09:17:34 CDT --- A simple effective solution will be to edit the default commands in the DE to do an su <user> -c 'wine'
In terminal, we can set aliases, like wine means su <user> -c wine
http://bugs.winehq.org/show_bug.cgi?id=24550
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Platform|All |Other
--- Comment #10 from Austin English austinenglish@gmail.com 2012-02-23 15:26:55 CST --- Removing deprecated 'All' Platform.
https://bugs.winehq.org/show_bug.cgi?id=24550
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download, integration
--- Comment #11 from Austin English austinenglish@gmail.com --- (In reply to dE from comment #9)
A simple effective solution will be to edit the default commands in the DE to do an su <user> -c 'wine'
Wine doesn't control that, the DE does.
In any case, still present.
https://bugs.winehq.org/show_bug.cgi?id=24550
dE de.techno@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution|--- |WONTFIX
--- Comment #12 from dE de.techno@gmail.com --- Out of scope of WINE.
https://bugs.winehq.org/show_bug.cgi?id=24550
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #13 from Austin English austinenglish@gmail.com --- Closing.
-
wine-bugs@winehq.org