* On Sun, 21 Oct 2007, Juan Lang wrote:
Isn't there another way to do this than with SOCK_RAW, or having to run wine as root?
In answer to your second question: yes, modify the Linux kernel not to have such restrictions.
Well, there are already patches which modifies it in one way or another. I refer to "man 7 capabilities" or web resources [1]-[3]. Some of approaches may be abandoned already, but I see recent discussion [4] on this and by [5] I judge SELinux already can handle this task.
Plus, I have found some recently updated tool called "Filesystem capabilities for linux" which also is not POSIX compatible (and so were old capabilities implementation for linux kernel):
| With this patch, you will be able to grant selective privileges to | executables on a needed basis. This means for some executables, there is | no need anymore to run as root or as a suid root binary. | | For example, you may drop the SUID bit from ping and grant the | CAP_NET_RAW capability: | | # chmod u-s /bin/ping | # chcap cap_net_raw=ep /bin/ping
If this is acceptable solution, then it probably would be nice for Wine to have separate binary for every needed capability. CAP_NET_RAW (for ICMP), CAP_SYS_RAWIO (for IO ports) and CAP_SYS_NICE (for threads priority) comes to mind.
This plan is to don't force users to give the bunch of capabilities to the main Wine binary (or even several of them) at once (so the security risk should be increased in a minimal way). But well, that could be a minor nuance for such users.
[1] http://www.securityfocus.com/infocus/1400 [2] http://lwn.net/Articles/79185/ [3] http://lwn.net/Articles/199004/ [4] http://lkml.org/lkml/2006/9/18/100 [5] http://lwn.net/Articles/79208/ [6] http://www.olafdietsche.de/linux/capability/