Ahoi!
I think it would be very usefull to disallow an application started with wine to connect to the network/internet by an options flag.
I'm new to this list and my coding skills are in its fledgling stages. So my part in this whole thing probably would be to watch and learn... :)
Unless somebody would help me to find out what I have to change... So I would try it by myself. But in consideration of the fact that I need this feature as soon as possible I would better like to just watch and learn... ;)
rauschi
______________________________________________________________ Verschicken Sie romantische, coole und witzige Bilder per SMS! Jetzt bei WEB.DE FreeMail: http://f.web.de/?mc=021193
On 3/20/06, rauschenimweltnetz@web.de rauschenimweltnetz@web.de wrote:
I think it would be very usefull to disallow an application started with wine to connect to the network/internet by an options flag.
Unless somebody would help me to find out what I have to change... So I would try it by myself. But in consideration of the fact that I need this feature as soon as possible I would better like to just watch and learn... ;)
I don't know how much of wine's source would need to be changed to disallow all network commands, but I know that this kind of thing is possible using iptables (particularly with the owner extension).
If you create a new user id (which will be the one you use to start the application, using su or sudo), something like 'nonet', then run the following:
iptables -I OUTPUT -m owner --uid-owner nonet -j REJECT --reject-with imcp-net-unreachable
or something like that (I haven't tested it), it will block the 'nonet' user and any applications started as it from sending network packets.
HTH, n0dalus.
Am Montag, 20. März 2006 12:55 schrieb n0dalus:
On 3/20/06, rauschenimweltnetz@web.de rauschenimweltnetz@web.de wrote:
I think it would be very usefull to disallow an application started with wine to connect to the network/internet by an options flag.
Unless somebody would help me to find out what I have to change... So I would try it by myself. But in consideration of the fact that I need this feature as soon as possible I would better like to just watch and learn... ;)
I don't know how much of wine's source would need to be changed to disallow all network commands, but I know that this kind of thing is possible using iptables (particularly with the owner extension).
If you create a new user id (which will be the one you use to start the application, using su or sudo), something like 'nonet', then run the following:
iptables -I OUTPUT -m owner --uid-owner nonet -j REJECT --reject-with imcp-net-unreachable
or something like that (I haven't tested it), it will block the 'nonet' user and any applications started as it from sending network packets.
I think what Rauschi suggested was a per-application setting to disable network access. A checkbox in winecfg or something. I think iptables won't help there, but I think such a setting could be helpfull - preventing applications from calling home and such...?
-
n0dalus -
rauschenimweltnetz@web.de -
Willie Sippel