Peter Andersson kanelballe@softhome.net writes:
The question is... Would you expect that damage from running a windows app in wine, when you know it could be safely run in Windows? In just a few embedded bytes in the code it could remove your home directory in a single syscall. Would you expect that? - I wouldn't.
You should. If you run untrusted code under your account it can do anything that you are allowed to. This is exactly equivalent to running an untrusted Linux app. From a security standpoint there is absolutely no difference between a Windows binary running under Wine and a Linux binary running natively.
You can use the DOS drive configuration to limit the potential problems a bug in a Windows app can cause; but it is impossible to protect against malicious code except by not running it. Wine is not, and cannot be, a sandbox for running untrusted code.
Can't we at least try to implement some protection in wine against these attacks, before something really nasty happens?
No, we can't.
I really agree that wine is safe enough. However, we should always remember that wine is bound to be used by former win users, who may have no concern about security. I often hear about people running wine as root or mapping '/' to a wine drive. I think that the wine code should protect the system from such _users_! Here is what I would do: Write a segment of code that will abort wine, if it is run as root (that is, just before wine starts anything). This piece of code should only be explicitly disabled in the 'configure' script. That way, only a wine-developer will be able to cause wine to run as root. It has to be that hard to do so. We should then stop hearing claims that 'wine is unsafe'.
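The startup check proposed in the last message, combined with a look at the drive mappings mentioned earlier in the thread, written as an added example that is not Wine's code and not from any poster. It assumes the drives are kept as a directory of symlinks, one per drive letter, and that the home path passed in is already resolved; `covers`, `drive_exposes` and `preflight` are hypothetical names. As the reply above says, a check like this catches misconfiguration only and does not contain untrusted code.

```c
#define _DEFAULT_SOURCE /* for realpath() */
#include <dirent.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* 1 if resolved directory `root` is `path` itself or one of its parents. */
static int covers(const char *root, const char *path)
{
    size_t n = strlen(root);
    if (strcmp(root, "/") == 0) return 1;   /* "/" contains everything */
    return strncmp(root, path, n) == 0 && (path[n] == '/' || path[n] == '\0');
}

/* 1 if the drive symlink resolves to a directory that exposes `home`. */
static int drive_exposes(const char *link, const char *home)
{
    char target[PATH_MAX];
    if (!realpath(link, target)) return 0;  /* dangling link exposes nothing */
    return covers(target, home);
}

/* Count reasons not to start: running as root, or a drive exposing `home`. */
static int preflight(uid_t euid, const char *drives_dir, const char *home)
{
    int problems = (euid == 0);
    struct dirent *e;
    DIR *d = opendir(drives_dir);
    if (euid == 0) fprintf(stderr, "refusing to run as root\n");
    if (!d) return problems;
    while ((e = readdir(d)) != NULL) {
        char link[PATH_MAX];
        if (e->d_name[0] == '.') continue;  /* skip ".", ".." and dotfiles */
        snprintf(link, sizeof link, "%s/%s", drives_dir, e->d_name);
        if (drive_exposes(link, home)) {
            fprintf(stderr, "drive %s exposes %s\n", e->d_name, home);
            problems++;
        }
    }
    closedir(d);
    return problems;
}

int main(int argc, char **argv)
{
    const char *home = getenv("HOME");      /* assumed already resolved */
    return (argc < 2 || !home) ? 2 : preflight(geteuid(), argv[1], home) != 0;
}
```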