--- Steve Langasek vorlon@dodds.net wrote:
On Thu, Oct 24, 2002 at 11:19:21AM -0700, Dustin
Navea wrote:
--- Steve Langasek vorlon@dodds.net wrote:
On Thu, Oct 24, 2002 at 08:08:49AM -0700, Dustin
Navea wrote:
Just as wine should not be run as root, file i/o
in
wine should NEVER be
done in a security context other than that of
the
user running the Windows
app. Anything that would cause user data files
to
be written out under a
different uid is broken.
Thats not what I'm saying, what I'm saying is
this:
Yes, that *is* what you're saying. Having the file
get saved to the Unix
fs with owner and group wine is most definitely a
user data file "[being]
written out under a different uid." That is
absolutely out of the
question. I will never knowingly permit software
that works this way
to be installed on my systems.
Not exactly, because as the fact that wine is the
program saving it, and wine is running under
user/group wine (in the future), it will save it as
user/group wine.
So he goes and changes the owner/group to
speeddy/speeddy, oepns the file in kword, adds a
few
more lines, and saves it.
Um, and how exactly is this supposed to happen on a
multiuser system? You
*cannot* change the ownership of a file without root
privileges.
that is what im saying, he does:
sudo chown speeddy.speeddy /path/to/filename
At best,
if you have write perms on the directory the file's
in and you have read
access to the file, you can copy the file and delete
the original, giving
you a single copy that's owned by you. But this is
only the least of the
reasons why Windows apps should not be writing to
files as user "wine" to
begin with.
I knew that much already ;) But if wine is to run as
a "service" (i.e. load at bootup via an initscript)
and acutally be functional as well as user-friendly,
it will have to run in it's own account, just like
apache and pgsql do and like i believe named does...
-Dustin
__________________________________________________
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site
http://webhosting.yahoo.com/