[prev in list] [next in list] [prev in thread] [next in thread]
List: wine-devel
Subject: Re: Wine securityflaw.
From: Raul Dias <chaos () swi ! com ! br>
Date: 2002-10-31 21:44:16
[Download RAW message or body]
Greg Turner <gmturner007@ameritech.net> wrote:
>On Thursday 31 October 2002 08:10 am, Raul Dias wrote:
>> My $0.02,
>>
>> A way to make it more secure is to catch key API calls and decide if
>> the application is allowed to run it or not.
>
>not a bad idea.
>
>> Wine could implement a clean Security Layer: YES
>
>Clean, perhaps, but secure? That depends on what you are trying to
>achieve: since the unix API is available to apps running under wine,
>such measures will only secure applications which don't specifically
>check for wine and circumvent its api-level security measures.
>
>So, for example, this could be used to protect a system against security
>flaws in Internet Exploder or Outlook... but a malicious virus writer
>could work around winapi-based security provisions, as discussed
>earlier in this thread.
In this case I agree that the OS should provide the security layer,
not wine.
Wine should provide security only for (or "at least for") WIN32 API
flaws.
[]'s
Raul Dias
>
>--
>gmt
>
>"The purpose of government is to rein in the rights of the people"
> --President Bill Clinton, MTV interview, 1993
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic