2009/10/25 Nicholas LaRoche nlaroche@vt.edu:
From a usability standpoint, adding switches to wine for sandboxing is a good thing. But it seems to only cover the APIs exported by wine. A specially crafted win32 wine-aware malware app could leverage sys_open(1) and sys_write(4) via int 80h to bypass this isolation and install itself anywhere in the users home directory. e.g. this malware could open ~/.bashrc and install linux specific malware that executes the next time you open a shell.
Yes. It would be exceedingly foolish to claim to offer security that cannot be delivered.
(I'd suggest big warnings. "WARNING: any Windows app can do anything on your system that the user it is running as can do. If you want to study malware, use WineZero or similar.")
Perhaps the app-specific package that you mentioned can be shipped with an AppArmor/SELinux profile that prohibits syscalls from originating anywhere in user code. (Assuming that the other sandboxing changes are made to wine).
This would need some really serious testing before making such a promise, of course. i.e., will Wine itself still work?
- d.
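The AppArmor profile the reply proposes, as an added sketch that is not code from the thread or from the Wine project. The paths (/usr/bin/wine, /usr/lib{,32,64}/wine, ~/.wine) are assumptions to adjust to the actual package. The point worth keeping in mind: AppArmor is enforced by the kernel at system-call entry, so a file open is mediated whether it arrived through Wine's exported API or straight from an int 80h in the Windows binary. The kernel cannot tell those two origins apart, which is why the profile has to confine the whole Wine process tree, Wine's own code included, and why Wine's own needs (prefix, libraries, X, audio) must be listed.

```apparmor
# Added example (not Wine project code): AppArmor profile sketch for a Wine
# launcher installed as /usr/bin/wine. All paths below are assumptions.
# The kernel applies this at system-call entry, so it also catches a
# Windows binary that issues open/write itself via int 80h; the trade-off
# is that everything Wine itself needs has to be granted here too.
#include <tunables/global>

/usr/bin/wine {
  #include <abstractions/base>
  #include <abstractions/X>
  #include <abstractions/audio>
  #include <abstractions/nameservice>

  # Wine's own binaries and the helpers it spawns (wineserver,
  # wine-preloader) stay under this same profile ("ix" = inherit).
  /usr/bin/wine* rix,
  /usr/lib{,32,64}/wine/** mrix,
  /usr/share/wine/** r,

  # The Wine prefix is the only place the Windows program may write.
  owner @{HOME}/.wine/ rw,
  owner @{HOME}/.wine/** rwk,
  owner /tmp/** rwk,

  # Read-only view of the rest of $HOME. AppArmor is default-deny, so the
  # absence of a write rule already blocks ~/.bashrc; the explicit deny
  # rules document the intent and keep the audit log quiet. Deny rules
  # take precedence over allow rules, so they must not overlap the
  # .wine rules above or they would break the prefix.
  owner @{HOME}/ r,
  owner @{HOME}/** r,
  deny @{HOME}/.bashrc w,
  deny @{HOME}/.profile w,
  deny @{HOME}/.ssh/** rw,
  deny @{HOME}/.config/autostart/** rw,
}
```

Install it as /etc/apparmor.d/usr.bin.wine, load it in complain mode first (aa-complain usr.bin.wine), run the applications that matter while watching the kernel audit log for apparmor="ALLOWED" events, and only switch to aa-enforce once Wine itself runs cleanly; that is the "will Wine itself still work?" test the reply asks for. Two caveats a deployment has to accept: the profile attaches by executable path, so a Wine binary the user copies elsewhere runs unconfined, and any write path the Windows program is legitimately granted (the prefix here) is equally available to malware running inside it.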