-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

James Hawkins wrote:
| On Fri, Apr 11, 2008 at 7:45 PM, Benjamin M. Schwartz
|> Then how about a patch that specifically prevents users from running wine
|> as root over a profile that is not owned by root? I am trying to run wine
|> as a non-root user over a profile owned by another non-root user that has
|> been chmod'ed appropriately.
|>
|
| Running as root was just a specific example. The second case isn't
| allowed either.
|
I appear to have hit a nerve here; "isn't allowed" is surprisingly strong language for an open source software project.
I'm particularly surprised because I cannot imagine any reasonable scenario in which allowing non-root users to run in .wine/ directories that they do not own is a security risk. There is no privilege escalation here; the non-root user is still required by the kernel to operate within the bounds of posix permissions.
I need the ability to run in profiles as a user who is not the "owner" of the files on disk. I am doing this quite specifically because, in my case, this greatly _increases_ the security of the system. In fact, it allows complete sandboxing of each Wine instance, isolating it from the rest of the system by kernel-level mechanisms.
I would prefer not to maintain a patched fork of Wine just to get this trivial feature. That doesn't benefit anyone. I'm sure we can find a way to provide this ability without compromising the security of users in the general case.
- --Ben
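The two checks being argued about in the message above, as an added example that is not code from the thread or from the Wine project. It assumes, as the message implies, that the refused case is a simple owner-uid comparison on the profile directory (`owner_only_check`), and models beside it the POSIX permission-bit evaluation the kernel applies to a non-root process (`posix_access`). Users, groups and the inode metadata of the profile directory are constructed in-line, so nothing on the real filesystem is touched.

```python
"""
Added example (not from the Wine project or the thread): two checks on a
profile directory, modelled on constructed data.

  owner_only_check - refuses unless caller uid == owner uid (an assumption
                     about what "isn't allowed" means in the thread).
  posix_access     - the kernel's POSIX permission-bit rule, which is what
                     actually bounds a non-root process.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Inode:
    uid: int
    gid: int
    mode: int  # permission bits only, e.g. 0o770


@dataclass(frozen=True)
class Process:
    uid: int
    gid: int
    groups: frozenset = field(default_factory=frozenset)  # supplementary groups


# Requested-access bits, mirroring the R_OK / W_OK / X_OK convention.
R, W, X = 4, 2, 1


def posix_access(inode, proc, want):
    """Return True if proc may perform `want` (bitmask of R/W/X) on inode.

    Class selection follows POSIX: root is allowed everything except execute
    on a file with no x bit at all; otherwise exactly one class (owner, group,
    other) is chosen by identity and only that class's bits count, even when
    a later class would have granted more.
    """
    if proc.uid == 0:
        if want & X and not (inode.mode & 0o111):
            return False
        return True
    if proc.uid == inode.uid:
        bits = (inode.mode >> 6) & 7          # owner class
    elif inode.gid == proc.gid or inode.gid in proc.groups:
        bits = (inode.mode >> 3) & 7          # group class
    else:
        bits = inode.mode & 7                 # other class
    return (bits & want) == want


def owner_only_check(inode, proc):
    """Assumed model of the refused case: caller must own the directory."""
    return proc.uid == inode.uid


# Constructed scenario: alice owns the profile; a shared group (gid 1100) has
# rwx on it; everyone else has nothing. bob is in that group, carol is not.
PREFIX = Inode(uid=1000, gid=1100, mode=0o770)
ALICE = Process(uid=1000, gid=1000, groups=frozenset({1100}))
BOB = Process(uid=1001, gid=1001, groups=frozenset({1100}))
CAROL = Process(uid=1002, gid=1002)
ROOT = Process(uid=0, gid=0)


def evaluate(proc):
    """Return (kernel_allows_rwx, owner_check_allows) for PREFIX."""
    return (posix_access(PREFIX, proc, R | W | X), owner_only_check(PREFIX, proc))


if __name__ == "__main__":
    for name, p in [("alice", ALICE), ("bob", BOB), ("carol", CAROL), ("root", ROOT)]:
        print(f"{name:6s} kernel={evaluate(p)[0]!s:5s} owner_check={evaluate(p)[1]}")
```

Running it shows the gap the message is complaining about: bob is within the bounds the kernel enforces on the directory (group rwx) but fails the owner-only check, while carol is refused by both. The last case in the test also shows the POSIX class-selection rule, which is why "chmod'ed appropriately" matters: an owner whose own class has no bits set is denied even though the group class would grant access.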