On Sun, Sep 12, 2010 at 10:24 PM, Scott Ritchie scott@open-vote.org wrote:
On 09/12/2010 05:57 PM, Mike Kaplinskiy wrote:
CAP_NET_RAW should enable ping to work just fine I think. setuid seems a little too dangerous on the current wineserver, we don't do many checks and a few bugs on our side will turn the os into windows, and not in a good way. Better stick to cap's for now while we don't need all the uid 0 features.
Mike.
Will today's Wine actually make use of CAP_NET_RAW if it has it on Linux?
Perhaps more importantly, could Wine include a "wineping" program that has CAP_NET_RAW so we can get programs that use pings working without letting arbitrary programs craft their own raw sockets?
Thanks, Scott Ritchie
Unless we decide to change who creates the sockets, the wineserver needs CAP_NET_RAW, not a particular program. We don't take advantage of the caps of the executable (mostly?). It actually wouldn't be too hard to have the app create the socket and not the server.
Mike.