On Saturday 26 October 2002 11:43 pm, Francois Gouget wrote:
> On Sat, 26 Oct 2002, Greg Turner wrote:
> > That is, wine "emulates" an OS with no security measures at the
> > filesystem level, no security policy regarding what API's can be called
> > (except as provided by the CPU itself), and so on.
>
> I agree that there is a problem of perception so I will quickly clarify
> the above sentence, lest it be mis-interpreted and contribute to that
> perception problem.
>
> When reading 'wine "emulates" an OS with no security measures at the
> filesystem level' I think most people will think that Windows
> applications running under Wine can read and modify any file on the Unix
> system, including system files and files not belonging to the user
> running the application. This is of course not the case!

good call. thanks for that clarification.

> (however I will quickly point out that the NT security model suffers
> from a serious design flaw which lets processes escalate privileges in a
> way which is currently simply impossible in Wine, for more details see
> http://security.tombom.co.uk/shatter.html)

seen this one, too. interesting article; there's an even more interesting follow up at http://security.tombom.co.uk/moreshatter.html. If we're very careful to do everything "just like windows" I think we could reproduce these flaws in a year or two :)

At http://security.tombom.co.uk/aboutfoon.html, the author (who calls himself "Foon") boasts "Able to program in 23 languages on 14 platforms, Foon takes an average of 3 days to learn a new programming language." ... That means he's spent exactly 69 days learning programming languages in toto.

> AFAIK the Win32 API (unlike the Unix API, see chroot) does not make it
> possible to prevent a process from accessing or modifying files
> belonging to the current user.

This is another argument for a permissions mapping scheme instead of direct translation of Unix permissions to wine permissions, as I see it. Of course, this leads us back to the Wine Is Not an Emulator "problem" as previously discussed... so I guess I'm going in mental circles and, in a sense, contradicting myself... time to shut up and get back to work on RPC :)

--
gmt

"The purpose of government is to rein in the rights of the people"
--President Bill Clinton, MTV interview, 1993