http://bugs.winehq.org/show_bug.cgi?id=20578
Summary: Debian/Ubuntu packages do not follow proper format for /etc/sysctl.d
Product: Wine
Version: unspecified
Platform: PC
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
AssignedTo: wine-bugs@winehq.org
ReportedBy: at@drinian.org
After reading about the recent security hole in the Linux kernel (cf. http://linux.slashdot.org/story/09/11/04/0320254/), I decided to add a new script to /etc/sysctl.d/ to set vm.mmap_min_addr to a non-zero value even though I have Wine installed.
Problem is, the Wine package installs a file, /etc/sysctl.d/wine.sysctl.conf, that does not have a numerical prefix in its file name. It will always execute after all other files in the directory that have values like 10-*.conf, 30-*.conf, etc. This is explained in the file /etc/sysctl.d/README.
So, to make my new reset script run after Wine's script, I have to name it something like zz.wine-undo.sysctl.conf.
Package maintainer should probably at minimum rename the file, if not find a way to encourage users to make this security-lowering decision on their own rather than making it the default. (Maybe a warning message from wine when vm.mmap_min_addr is not zero?)
Alexander Scott-Johns alexander.scott.johns+winebug@googlemail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |alexander.scott.johns+winebug@googlemail.com
--- Comment #1 from Alexander Scott-Johns alexander.scott.johns+winebug@googlemail.com 2009-11-04 16:02:32 ---
(In reply to comment #0)
> Package maintainer should probably at minimum rename the file, if not find a way to encourage users to make this security-lowering decision on their own rather than making it the default. (Maybe a warning message from wine when vm.mmap_min_addr is not zero?)
Wine doesn't work if it is not zero.
See also:
* http://wiki.winehq.org/PreloaderPageZeroProblem
* Bug 12516 (err:dosmem:setup_dos_mem error report on every run of Wine)
* Bug 19732 (Security: use CAP_SYS_RAWIO during start up to map the memory below mmap_min_addr instead of permanently lowering it at install time)
--- Comment #2 from Austin English austinenglish@gmail.com 2009-11-04 16:40:01 ---
(In reply to comment #1)
> (In reply to comment #0)
> > Package maintainer should probably at minimum rename the file, if not find a way to encourage users to make this security-lowering decision on their own rather than making it the default. (Maybe a warning message from wine when vm.mmap_min_addr is not zero?)
> Wine doesn't work if it is not zero.
> See also:
> - http://wiki.winehq.org/PreloaderPageZeroProblem
> - Bug 12516 (err:dosmem:setup_dos_mem error report on every run of Wine)
> - Bug 19732 (Security: use CAP_SYS_RAWIO during start up to map the memory
>   below mmap_min_addr instead of permanently lowering it at install time)
Wine itself still works, but any program using DOS calls will fail and you'll get that scary warning.
--- Comment #3 from drinian at@drinian.org 2009-11-04 16:45:15 ---
For folks like me who are occasional Wine users, and never use programs old enough to trigger the error, it seems unnecessary to open up this security hole full-time, minor though it may be.
I could just as easily write a startup script for each of my Wine programs that ran sysctl to change this value for the duration of execution of the program.
--- Comment #4 from drinian at@drinian.org 2009-11-04 16:48:12 ---
It looks like there's already been discussion on the wider issue. Maybe I should just constrain this bug to the titular request, namely, that the file for APT be renamed?
Vitaliy Margolen vitaliy@kievinfo.com changed:
What       |Removed      |Added
----------------------------------------------------------------------------
Status     |UNCONFIRMED  |RESOLVED
Resolution |             |INVALID
--- Comment #5 from Vitaliy Margolen vitaliy@kievinfo.com 2009-11-04 19:27:50 ---
File bug with your distro. This bugzilla is for vanilla Wine only. And vanilla Wine contains no such file.
Vitaliy Margolen vitaliy@kievinfo.com changed:
What   |Removed   |Added
----------------------------------------------------------------------------
Status |RESOLVED  |CLOSED
--- Comment #6 from Vitaliy Margolen vitaliy@kievinfo.com 2009-11-04 19:28:03 ---
Closing invalid - not Wine bug.
Scott Ritchie scott@open-vote.org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |scott@open-vote.org
--- Comment #7 from Scott Ritchie scott@open-vote.org 2009-11-05 05:00:52 ---
Some background: the Wine package was using the /etc/sysctl.d/ conf file before there even was a standard for how to name them. After that happened I renamed the file in the package to 30-wine.conf; however, I never got around to adding code that would properly move the existing conf file. Since the package manager leaves old conf files around rather than deleting them, the end result is that you probably have two wine files in there, one properly named and one not.
The recent brouhaha about /etc/sysctl.d/ has prompted me to finally update the code and remove the old conf file properly - it should be coming as a stable release update for Ubuntu.
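Added example, not part of the bug thread or of the Debian/Ubuntu package: a shell audit of the ordering problem reported in comment #0 and the leftover file described in comment #7. It reports which file's assignment of a key is applied last and which files lack a numeric prefix. It assumes files are applied in C-locale glob order with the last assignment winning; `10-hardening.conf`, the value 65536 and all file contents are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample directory modelling the state described in the thread:
# a hardening file, the renamed 30-wine.conf and the leftover unprefixed file.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf 'vm.mmap_min_addr = 65536\n' > "$d/10-hardening.conf"   # hypothetical
    printf 'vm.mmap_min_addr = 0\n'     > "$d/30-wine.conf"
    printf 'vm.mmap_min_addr = 0\n'     > "$d/wine.sysctl.conf"
    printf '%s\n' "$d"
}

# effective_setting DIR KEY -> prints "VALUE FILE" for the assignment applied last.
# Runs in a subshell so LC_ALL and the loop variables stay local.
effective_setting() (
    LC_ALL=C
    key_re=$(printf '%s' "$2" | sed 's/\./\\./g')   # match dots in the key literally
    result=""
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        # Take the last "key = value" line in this file; comment lines never match.
        v=$(sed -n "s/^[[:space:]]*${key_re}[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" "$f" | tail -n 1)
        if [ -n "$v" ]; then result="$v ${f##*/}"; fi
    done
    printf '%s\n' "$result"
)

# unprefixed_files DIR -> prints .conf files without an NN- prefix, which sort
# after every numbered file and therefore override them.
unprefixed_files() (
    LC_ALL=C
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        case ${f##*/} in
            [0-9][0-9]-*) ;;
            *) printf '%s\n' "${f##*/}" ;;
        esac
    done
)

dir=$(make_sample_dir)
echo "effective:  $(effective_setting "$dir" vm.mmap_min_addr)"
echo "unprefixed: $(unprefixed_files "$dir" | tr '\n' ' ')"
rm -rf "$dir"
```

The audit covers a single directory only; any other location the distribution reads sysctl settings from has to be checked separately.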