As long as the facilities exist for keeping an entire Wine bottle isolated from other bottles (and ~/), I don't see this being a major issue.
They don't.
Even if you don't have a drive link pointing out of a bottle, a Windows app running in Wine can still call Linux syscalls (int 0x80). This is possible/needed because Windows apps run as a regular Linux process that links in Linux libraries which perform Linux syscalls.
So any Windows malware can break out of the Wine "sandbox" (which isn't a sandbox really) by simply using Linux syscalls.