On Sunday 27 October 2002 22.19, Francois Gouget wrote:
On Sun, 27 Oct 2002, Peter Andersson wrote:
What is it with you people? I was just trying to make a point about the security risks about using wine at present. And you start flameing me?
We're not flaming you. We're just see big flaws with your proposal. We also proposed alternatives that seem to make more sense to us.
Why don't you study how chroot or jail could be used in combination with Wine to build a sandbox? As far as I know no-one has tried that and it is possible that some changes in Wine could make things simpler to set up. Of course, we won't know until someone actually tries this.
Finally someone that takes my concerns serriously, thank you!
I agree. Using chroot could offer the functionality Im looking for.
I will try the chroot model for now, I have a feeling that this wont be enough though, but we will see. Something in the chroot manside got me puzzled:
... ... ... Only the super-user may change the root directory.
Note that this call does not change the current working directory, so that `.' can be outside the tree rooted at `/'. In particular, the super-user can escape from a `chroot jail' by doing `mkdir foo; chroot foo; cd ..'. ... ... ...
I will have to figure out the consequences of this odd behaviour, it certainly dont sound very safe at first look. Maybe jail is much better, but it seems to require porting as you said.
//Peter