Stefan Dösinger wrote:
I see your point though, since none of the aforementioned security precautions are commonplace or specifically targeted to wine.
A security measure targeted to wine would be a wrong thing IMO.
Either it's designed for Windows, then it will protect the Windows apps in Wine the same way. With exceptions of course, anything based on rootkits will probably never work, and it may not know how to deal with int 0x80 syscalls.
Or design it for a generic Linux app, and it will protect the Windows app running in Wine (Windows app + Wine == regular Linux process). Again there are possible exceptions. Some security measures can break Windows apps, for example address space randomization can break apps.
What works only in a very limited fashion is using Windows apps to protect the Linux system. You can use a virus scanner to do a manual check over your drives, but scan-file-on-open features will likely fail.
I've run into problems with ASR when using wine with some apps. If you do a `setarch $(uname -p) -RL wine ./app` and disable ASR, then it works again.
Any security policy would have to be targeted as if the program was written for Linux. It wouldn't be much more involved than limiting what it can see and do just like policies that target httpd and other services.
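An added example, not part of the original messages: the setarch workaround above turns randomization off per process through the personality flags -R (ADDR_NO_RANDOMIZE) and -L (ADDR_COMPAT_LAYOUT), so an audit can list which running processes carry them. The function names are illustrative, and the script assumes a Linux /proc that exposes /proc/PID/personality as a hex value.

```sh
#!/bin/sh
# Added example: list processes running with ASLR-related personality flags.
# Flag values are from <linux/personality.h>.
ADDR_NO_RANDOMIZE=0x0040000    # set by setarch -R
ADDR_COMPAT_LAYOUT=0x0200000   # set by setarch -L

# decode_personality HEX: print the names of the flags set in HEX.
# Returns 1 if HEX is empty or not a hexadecimal value.
decode_personality() {
    case $1 in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
    val=$((0x$1))
    out=
    if [ $(($val & $ADDR_NO_RANDOMIZE)) -ne 0 ]; then
        out="ADDR_NO_RANDOMIZE"
    fi
    if [ $(($val & $ADDR_COMPAT_LAYOUT)) -ne 0 ]; then
        out="${out:+$out }ADDR_COMPAT_LAYOUT"
    fi
    printf '%s\n' "$out"
}

# scan_procs: print "PID <tab> command <tab> flags" for every readable
# process that has at least one of the two flags set.
scan_procs() {
    for f in /proc/[0-9]*/personality; do
        # Unreadable or vanished processes are skipped silently.
        hex=$(cat "$f" 2>/dev/null) || continue
        flags=$(decode_personality "$hex") || continue
        [ -n "$flags" ] || continue
        pid=${f#/proc/}
        pid=${pid%/personality}
        comm=$(cat "/proc/$pid/comm" 2>/dev/null) || comm='?'
        printf '%s\t%s\t%s\n' "$pid" "$comm" "$flags"
    done
    return 0
}

scan_procs
```

Reading another user's personality file needs ptrace-level access, so run it as root for a system-wide view.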