2009/10/25 Nicholas LaRoche <[email protected]>:

> From a usability standpoint, adding switches to wine for sandboxing is a
> good thing. But it seems to only cover the APIs exported by wine. A
> specially crafted win32 wine-aware malware app could leverage sys_open(1)
> and sys_write(4) via int 80h to bypass this isolation and install itself
> anywhere in the user's home directory.
> e.g. this malware could open ~/.bashrc and install Linux-specific malware
> that executes the next time you open a shell.

Yes. It would be exceedingly foolish to claim to offer security that cannot be delivered.

(I'd suggest big warnings. "WARNING: any Windows app can do anything on your system that the user it is running as can do. If you want to study malware, use WineZero or similar.")

> Perhaps the app-specific package that you mentioned can be shipped with an
> AppArmor/SELinux profile that prohibits syscalls from originating anywhere
> in user code. (Assuming that the other sandboxing changes are made to wine).

This would need some really serious testing before making such a promise, of course. i.e., will Wine itself still work?

- d.
