[prev in list] [next in list] [prev in thread] [next in thread] 

List:       wine-devel
Subject:    Re: Wanted: small C program to drop all capabilities
From:       Scott Ritchie <scott () open-vote ! org>
Date:       2010-09-29 18:38:09
Message-ID: 4CA38791.2060403 () open-vote ! org
[Download RAW message or body]

On 09/29/2010 07:53 AM, Scott Ritchie wrote:
> On 09/29/2010 07:12 AM, Alexandre Julliard wrote:
>> Scott Ritchie <scott@open-vote.org> writes:
>>
>>> Ubuntu 10.10 is coming out soon, and its new kernel settings prevent
>>> Wine apps from looking at each others' memory.  This breaks World of
>>> Warcraft, among other things.  See:
>>> http://bugs.winehq.org/show_bug.cgi?id=24193
>>>
>>> What's needed is a very small shim for Wine that can be setuid 0, but
>>> then release all capabilities except what Wine actually needs -- what a
>>> normal user has, and cap_sys_ptrace.
>>
>> I don't think that's a good idea. CAP_SYS_PTRACE allows access to any
>> process, so it's a lot more dangerous than the standard ptrace checks
>> that Ubuntu decided to break. Going back to the default behavior is
>> probably safer than making Wine setuid...
>>
> 
> Unfortunately the default behavior can only be set globally, so that
> leaves me with:
> 
> 1) make installing the package cause the global change
> 2) the above idea
> 3) do nothing
> 
> I'm not sure which is worse, although I know doing nothing breaks a lot
> of apps.  The long term solutions are described at the bug however.
> 
> It would be rather nice if there were a cap_sys_ptrace that were at
> least restricted to other processes owned by that user...
> 
> 

Actually there's a 4th option that I hadn't realized: apps can give up
their own ptrace protection.  So Wine can do that for all Wine apps.
This should be fairly easy (details at bug report).


[prev in list] [next in list] [prev in thread] [next in thread]