Anne Wilson wrote:


On Saturday 25 Dec 2004 23:24, Mikkel L. Ellertson wrote:



Anne,
 It is mainly vulnerable when running Windows programs.  It should be
possible to create something that runs under Linux that would target
Wine; I don't see that happening. The problem is that when you are
running Windows programs, you can also run things like VB scripts. But
the damage is limited to your user, and not the entire system, as it
would be under Windows. One way to limit things would be to have a
different user that you log in as to run Wine. If your normal user is a
member of the Wine user's group, and you have a group writable
directory, sharing data between the two is easy. You can access this as
your normal user, but the Wine user can not access anything in your
normal user's directory.

Mikkel



Those sound like reasonable precautions. On a related issue, then, is it possible to force any file written to a specific directory to have the permissions related to that directory? IOW, could you designate one directory to be for the use of group 'wine', and any file written to that directory would automatically be written as belonging to group 'wine'?


I don't want this to turn into a complete hijack, but security related to wine would, presumably, also be of interest to the original poster.

Anne


This is easy. Set the group ownership of the directory to wine, and set the SGID bit on the directory. I usually do this in Midnight Commander (mc), and there is a check box for it. When used with programs, it sets the group the program is running under to the group of the program, but when you do it to a directory, it sets the group ownership of any file/directory created in the directory to the same group as the directory. (Like the SUID bit, but for group rather than owner.)

The one thing to watch out for is that this doesn't change the permissions that the file is saved with, so the file may not be group writable. But you can always change the default for user wine in ~/.bashrc if you only want it for that user.

Mikkel

--
Do not meddle in the affairs of dragons,
for you are crunchy and taste good with Ketchup!
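
The following script is an added example, not part of the original messages: it sets up a setgid shared directory from the command line and shows the umask caveat described above, then audits the directory for files the other account could not write. The `WINE_GROUP` variable and the function names are assumptions for illustration; without `WINE_GROUP` it falls back to the caller's primary group so it runs unprivileged in a temporary directory.

```shell
#!/bin/sh
# Added example: SGID directory for sharing data with a separate Wine user.
# Assumption: the shared group is named in WINE_GROUP (e.g. 'wine'); the
# caller must be a member of it. Default is the caller's primary group.

gid_of()  { ls -ldn "$1" | awk '{print $4}'; }              # numeric group id
mode_of() { ls -ldn "$1" | awk '{print substr($1, 1, 10)}'; } # e.g. drwxrws---

# Create the directory, hand it to the group, and set SGID (the leading 2).
# 2770: owner and group get full access, others get none.
make_shared_dir() {   # $1 = directory, $2 = group name or gid
    mkdir -p "$1" && chgrp "$2" "$1" && chmod 2770 "$1"
}

# Create an empty file under a given umask, in a subshell so the caller's
# own umask is left alone. This stands in for "a program saving a file".
create_with_umask() {  # $1 = umask, $2 = path
    ( umask "$1"; : > "$2" )
}

# List entries that break the sharing arrangement: wrong group (created
# before SGID was set, or moved in) or missing group write (umask 022).
audit_shared_dir() {   # $1 = directory
    dir=$1
    want=$(gid_of "$dir")
    find "$dir" -mindepth 1 \( ! -group "$want" -o ! -perm -020 \) -print
}

demo() {
    top=$(mktemp -d) || return 1
    share=$top/share
    make_shared_dir "$share" "${WINE_GROUP:-$(id -g)}" || return 1

    # Both files inherit the directory's group because of SGID, but only
    # the second is group-writable: SGID does not touch permission bits.
    create_with_umask 022 "$share/default-umask.txt"
    create_with_umask 002 "$share/group-umask.txt"

    ls -ln "$share"
    echo "Entries with wrong group or no group write:"
    audit_shared_dir "$share"
    rm -rf "$top"
}

demo
```

Putting `umask 002` in the Wine user's `~/.bashrc`, as suggested above, makes every file that account creates group-writable, so the audit function should then report nothing for files it saved.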

