--- Steve Langasek vorlon@dodds.net wrote:
On Thu, Oct 24, 2002 at 11:19:21AM -0700, Dustin Navea wrote:
--- Steve Langasek vorlon@dodds.net wrote:
On Thu, Oct 24, 2002 at 08:08:49AM -0700, Dustin Navea wrote:
Just as wine should not be run as root, file i/o
in
wine should NEVER be done in a security context other than that of
the
user running the Windows app. Anything that would cause user data files
to
be written out under a different uid is broken.
Thats not what I'm saying, what I'm saying is
this:
Yes, that *is* what you're saying. Having the file get saved to the Unix fs with owner and group wine is most definitely a user data file "[being] written out under a different uid." That is absolutely out of the question. I will never knowingly permit software that works this way to be installed on my systems.
Not exactly, because as the fact that wine is the program saving it, and wine is running under user/group wine (in the future), it will save it as user/group wine.
So he goes and changes the owner/group to speeddy/speeddy, oepns the file in kword, adds a
few
more lines, and saves it.
Um, and how exactly is this supposed to happen on a multiuser system? You *cannot* change the ownership of a file without root privileges.
that is what im saying, he does: sudo chown speeddy.speeddy /path/to/filename
At best,
if you have write perms on the directory the file's in and you have read access to the file, you can copy the file and delete the original, giving you a single copy that's owned by you. But this is only the least of the reasons why Windows apps should not be writing to files as user "wine" to begin with.
I knew that much already ;) But if wine is to run as a "service" (i.e. load at bootup via an initscript) and acutally be functional as well as user-friendly, it will have to run in it's own account, just like apache and pgsql do and like i believe named does...
-Dustin
__________________________________________________ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/
-
Dustin Navea