https://bugs.winehq.org/show_bug.cgi?id=8332

oiaohm oiaohm@gmail.com changed:

What |Removed |Added ---------------------------------------------------------------------------- CC| |oiaohm@gmail.com

--- Comment #23 from oiaohm oiaohm@gmail.com --- After reading the system ping hack. Yes it contains a bad practice.

Use of system command should be frowned on. Issue 1 with system is the possibility of coder error. Issue 2 the command line has to be broken up into null terminated strings any how. Something out of exec commands should be used. http://linux.die.net/man/3/execv

But this bad practice is quite minor.

Setting "sudo setcap cap_net_raw+epi /usr/bin/wine-preloader" from a security point of view is extremely horrible. 1) not every application requires these privileges. 2) How much code really need to be running with these privilages

As what is said under windows you don't need privilege todo these operation. Ping due to having privilege flag does not mean wine needs it on the loader.

Question should wine have a /usr/bin/wine-icmp that is coded to perform all the icmp functionality of Windows.

--The privilege issue is certainly outside of Wine but I think it's better to leave this open. Otherwise equivalent bugs will be opened over and over again.--

Yes privilege issue is kinda outside wine. But wine has to operate correctly in these privileged environments. Sometimes this means breaking parts off into independent applications to perform higher privilege tasks. If something should be broken off that is a wine question.

Can wine icmp.dll function if all the functionality of the icmp.dll was implemented as a native independent executable that icmp.dll call by exec or equal. If so this is most likely what should happen as then "setcap cap_net_raw+epi" would only have to be granted on that limited code area.

Harder issue is the fact you cannot sudo setcap cap_net_raw+epi some.exe file and have that executable only with the lifted privilege.

Binding ports under 1024 being restricted exists for reason. Again this is another item that could be done by an indpendant application to the loader. https://en.wikipedia.org/wiki/Authbind is example of this. Binding ports under 1024 it would be great there was a file /etc/wine/ports listing what ports wine applications could in fact bind on. Like you don't want dhcp/dns ports taken over by a wine application because you were just restarting a server.

Yes these independent applications could check if the executable the loader is using has the right applied cap values before processing the request as well as having special configuration files.

So each time we need to set a cap on loader to work the question need to be asked should/can this functionality be an independent helper executable.