On Sunday 27 October 2002 11:37, Peter Andersson wrote:
What is it with you people? I was just trying to make a point about the security risks about using wine at present. And you start flameing me?
I don't see any flames, just strong criticism of your idea for which you may not have thought all the issues through. WINE is not a sandbox as Alexandre pointed out, because writing a sandbox for any system is hard work: as proof look at the complexity of Valgrind, a program which emulates an x86-Linux system on top of another x86-Linux system for diagnostic purposes. Think how much harder it is to write the same kind of code for an OS when you've not got the same OS under your feet; it would be a slow-performing monster of a program.
Given that WINE is not a sandbox, simplistically it's a translator of system calls & binary formats, the risks of running a WINE-based program are exactly the same risks you run with any unknown binary code, so any checks on sanity of syscalls are better done in the kernel or general-purpose executable wrapper than in WINE specifically.
I started a conceptually similar emulator project to WINE a while ago for another OS (riscose.sf.net): a program to run RISC OS binaries on Unix. The issues are the same: just because malicious code comes from an unfamiliar OS doesn't make its destructive capabilities any different from native code, so if you're looking to tighten security of WINE programs, look to the same methods you'd use to tighten security of *any* unknown program: run it as a different user, run it in a Usermode Linux instance (user-mode-linux.sf.net), use kernel patches to restrict its use of system calls. But WINE shouldn't be bothered with any of this.
If you're interested in playing with this kind of work, I know someone has written a Python-based framework (called Subversion or Subterfuge or something like that, sorry, can't find a link...) which lets you run any Linux process with bits of Python code intercepting and changing or barring system calls on the fly. That could be used to prototype a much more general Linux security framework, and one that could be used for more projects than just WINE.
cheers,