Stefan Dösinger wrote:
>> As long as the facilities exist for keeping an entire wine bottle
>> isolated from other bottles (and ~/) I don't see this being a major
>> issue.
> They don't.
>
> Even if you don't have a drive link pointing out of a bottle, a Windows app
> running in Wine can still call Linux syscalls (int 0x80). This is
> possible/needed because Windows apps run as a regular Linux process that
> links in Linux libraries which perform Linux syscalls.
>
> So any Windows malware can break out of the Wine "sandbox" (which isn't a
> sandbox really) by simply using Linux syscalls.
On more recent distros (FC9/10) SELinux is enabled by default. Rolling a policy specifically for an untrusted bottle would severely limit the damage it could do. It could restrict all unnecessary read/write/execute access outside of the ~/.wine folder for wineserver and the program. I see your point though, since none of the aforementioned security precautions are commonplace or specifically targeted to Wine.
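The exchange above covers two separate escape paths: drive links that point out of the bottle, and direct Linux syscalls from the Windows process. The following added helper (not part of Wine or of either poster's message) audits only the first of those. It walks a bottle's `dosdevices` directory, where Wine keeps each drive letter as a symlink, and reports every link whose resolved target lies outside the bottle, such as the default `z:` link to `/`. It deliberately builds a constructed sample bottle in a temporary directory so it runs without a real Wine prefix; the function names are hypothetical. Nothing here can see or stop a process issuing syscalls, which is exactly why the reply suggests confining wineserver and the program with an SELinux policy rather than relying on the bottle layout.

```python
"""Audit a Wine bottle's drive links for symlinks that leave the bottle.

Hypothetical helper written for this thread, not Wine's own code. Wine stores
drive letters as symlinks under <bottle>/dosdevices (for example
"c:" -> "../drive_c" and "z:" -> "/"). This reports links that resolve outside
the bottle; it says nothing about a process calling Linux syscalls directly.
"""
import os
import tempfile
from pathlib import Path


def escaping_drive_links(bottle: Path) -> dict:
    """Return {drive_name: resolved_target} for every dosdevices symlink
    whose target is not inside the bottle directory."""
    bottle = Path(bottle).resolve()
    dosdevices = bottle / "dosdevices"
    escapes = {}
    if not dosdevices.is_dir():
        return escapes
    for entry in sorted(dosdevices.iterdir()):
        if not entry.is_symlink():
            continue
        # resolve() follows the symlink (and any relative target such as
        # "../drive_c") to its final real path
        target = entry.resolve()
        inside = target == bottle or bottle in target.parents
        if not inside:
            escapes[entry.name] = str(target)
    return escapes


def make_sample_bottle() -> Path:
    """Constructed sample bottle (not a real Wine prefix): c: stays inside,
    z: points at the host root like Wine's default prefix does."""
    root = Path(tempfile.mkdtemp(prefix="bottle-"))
    (root / "drive_c").mkdir()
    dosdevices = root / "dosdevices"
    dosdevices.mkdir()
    os.symlink("../drive_c", dosdevices / "c:")
    os.symlink("/", dosdevices / "z:")
    return root


if __name__ == "__main__":
    sample = make_sample_bottle()
    for name, target in escaping_drive_links(sample).items():
        print(f"{name} leaves the bottle -> {target}")
```

Run it against a real prefix with `escaping_drive_links(Path.home() / ".wine")`; on a stock prefix the only hit is `z:`, and removing that link is the usual first step before anything like the SELinux confinement described above is layered on top.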