On Mon, 22 Aug 2016 15:28:39 +0200 Jens Reyer <jre.winesim@gmail.com> wrote:
> > What are the security implications? Won't this make it easier for malware to execute without being Wine-aware, or am I just being paranoid?
> We don't enable binfmt in Debian for exactly this reason (see https://bugs.debian.org/819255). So I'd also be interested in other opinions.
It's good to know I'm not just imagining things. :-)
E.g. the above-mentioned bug already states: "[binfmt] is also helpful for security because it allows each Windows program to be run with different AppArmor profile." However, this doesn't require automatically enabled binfmt support, just the possibility to do so.
IMO, the majority of users aren't using AppArmor, and we shouldn't be creating security risks for them. I also think that users who are technically skilled enough to create multiple AppArmor profiles should also be capable of following instructions for enabling binfmt support themselves. The actual problem for this user (who started on the forum, btw) is that I have been unable to find step-by-step instructions for Ubuntu. (There are instructions on the Arch wiki, but the user reported they didn't work on Ubuntu.)
My preferred resolution to bug 39884 would be WONTFIX with an explanation of why, but it would be nice if someone could come up with step-by-step instructions for enabling binfmt support for Wine on Ubuntu that we could link to or add to our Ubuntu wiki page (with a warning about the risks).
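As an added illustration of the risk discussed in this thread (not code from the thread or from the Wine or Debian projects), the following POSIX shell script checks whether a Wine handler is registered and enabled in binfmt_misc, so an admin can tell whether PE files on the system run directly without the user invoking wine, and switch the handler off. It assumes the status-file layout documented in the kernel's binfmt_misc admin guide and the commonly cited ':DOSWin:M::MZ::/usr/bin/wine:' registration; the sample entry is constructed.

```shell
#!/bin/sh
# Added example, not from the thread: audit binfmt_misc for an active Wine
# handler and offer a way to disable it. Assumes the status-file layout from
# the kernel's binfmt-misc admin guide (first line enabled/disabled, then
# "interpreter", "flags:", "offset" and "magic" lines).
BINFMT_DIR="${BINFMT_DIR:-/proc/sys/fs/binfmt_misc}"

# Constructed sample of the status file produced by the registration
# ':DOSWin:M::MZ::/usr/bin/wine:' ("MZ" is 4d5a in hex at offset 0).
SAMPLE_ACTIVE='enabled
interpreter /usr/bin/wine
flags:
offset 0
magic 4d5a'

# audit_entry STATUS_TEXT
# Prints "wine-active" when a Wine interpreter is enabled for MZ (PE) files,
# "wine-disabled" when such an entry exists but is switched off, else "other".
audit_entry() {
    state=$(printf '%s\n' "$1" | sed -n '1p')
    interp=$(printf '%s\n' "$1" | sed -n 's/^interpreter //p')
    magic=$(printf '%s\n' "$1" | sed -n 's/^magic //p')
    case "$interp" in
        *wine*) ;;
        *) echo other; return 0 ;;
    esac
    if [ "$magic" != "4d5a" ]; then
        echo other
    elif [ "$state" = "enabled" ]; then
        echo wine-active
    else
        echo wine-disabled
    fi
}

# audit_system: run audit_entry over every registered handler on this host and
# return 1 if any Wine handler is active (usable from a hardening check).
audit_system() {
    found=0
    for f in "$BINFMT_DIR"/*; do
        [ -f "$f" ] || continue
        case "$(basename "$f")" in register|status) continue ;; esac
        r=$(audit_entry "$(cat "$f")")
        echo "$(basename "$f"): $r"
        [ "$r" = "wine-active" ] && found=1
    done
    return $found
}

# disable_entry NAME: switch the handler off (writing -1 instead removes it).
disable_entry() {
    echo 0 > "$BINFMT_DIR/$1"
}
```

Run `audit_system` as root on a Debian or Ubuntu box to list every handler; a `wine-active` line means any downloaded .exe is directly executable through the kernel rather than only via an explicit `wine` invocation.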