2009/11/8 Dan Kegel <d...@kegel.com>:
> On Sun, Nov 8, 2009 at 3:25 AM, Ben Klein <shackl...@gmail.com> wrote:
>> I believe the type of sandboxing being discussed includes things like
>> preventing Win32 apps from breaking out into native calls using the
>> infamous interrupt trick. Correct me if I'm wrong though :)
>
> No, I was thinking of native sandboxing, so even if they did
> manage to make native calls, they couldn't do any harm.
> Running as another uid is a fine example of a native sandboxing
> technique. (So, on a single user system, you could have a
> uid dedicated to running sandboxed apps, and it would be
> unable to affect the regular user's data.) This would
> only be useful for apps that don't need to load or save user data
> (probably), for example, for casual games.

Yes, Unix comes with pretty good sandboxing built-in in the form of separate user names. Then one could explicitly open communication channels between the Unix environment and the Wine user, rather than trying to close off open-everything.

Fairly obviously, it'll take some pretty substantial real-world need for this to get anywhere near the winehq tree! But it's an interesting idea. Imagine, successfully securing Win32 ...

- d.
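The following is an added example, not code from this thread or from the Wine project, that models the uid-based isolation discussed above: a dedicated sandbox uid that cannot reach the regular user's files, plus one communication channel opened on purpose via a shared group. It reimplements the POSIX owner/group/other access decision so the effect can be checked without root, and includes a real privilege drop that only acts when the script is started as root. The uids, gids, paths, mode bits and the "winesandbox" and "winexchange" names are constructed for the demonstration.

```python
"""
Added example (not from the wine-devel thread): model the access decision a
Unix kernel makes when a Wine process runs under a dedicated sandbox uid,
and drop to that uid for real when the script is started as root.

All uids, gids, paths and permission bits below are constructed for the
demonstration; the user and group names are hypothetical.
"""
import os
from dataclasses import dataclass

# Constructed identities: the interactive user and a dedicated Wine sandbox user.
USER_UID, USER_GID = 1000, 1000          # regular desktop user
SANDBOX_UID, SANDBOX_GID = 1001, 1001    # hypothetical "winesandbox" account
EXCHANGE_GID = 1002                      # hypothetical "winexchange" group held by both

R, W, X = 4, 2, 1   # permission bits as used in the rwx triads


@dataclass(frozen=True)
class Inode:
    """The subset of a stat(2) result that POSIX DAC consults."""
    path: str
    uid: int
    gid: int
    mode: int  # permission bits only, e.g. 0o700


def dac_allows(inode: Inode, uid: int, gids: frozenset, want: int) -> bool:
    """Classic POSIX discretionary access check (owner, then group, then other).

    Exactly one triad applies: if the caller owns the file the owner bits
    decide, even when the group bits would have been more permissive.
    uid 0 is treated as all-powerful, as the kernel does via CAP_DAC_OVERRIDE.
    """
    if uid == 0:
        return True
    if uid == inode.uid:
        triad = (inode.mode >> 6) & 0o7
    elif inode.gid in gids:
        triad = (inode.mode >> 3) & 0o7
    else:
        triad = inode.mode & 0o7
    return (triad & want) == want


# Constructed filesystem layout for the scenario in the thread.
HOME = Inode("/home/alice", USER_UID, USER_GID, 0o700)                    # user's data
WINE_PREFIX = Inode("/home/winesandbox/.wine", SANDBOX_UID, SANDBOX_GID, 0o700)
# The one channel opened on purpose: a group-writable exchange directory.
EXCHANGE = Inode("/srv/winexchange", USER_UID, EXCHANGE_GID, 0o770)

SANDBOX_GIDS = frozenset({SANDBOX_GID, EXCHANGE_GID})
USER_GIDS = frozenset({USER_GID, EXCHANGE_GID})


def sandbox_can_touch_user_data() -> bool:
    """Can the Wine uid read or write the regular user's home? Expected: no."""
    return (dac_allows(HOME, SANDBOX_UID, SANDBOX_GIDS, R)
            or dac_allows(HOME, SANDBOX_UID, SANDBOX_GIDS, W))


def both_can_use_exchange() -> bool:
    """Both sides can read and write the explicitly opened channel."""
    return all(
        dac_allows(EXCHANGE, uid, gids, R | W)
        for uid, gids in ((SANDBOX_UID, SANDBOX_GIDS), (USER_UID, USER_GIDS))
    )


def user_can_read_wine_prefix() -> bool:
    """Isolation is symmetric: the desktop user cannot read the prefix either."""
    return dac_allows(WINE_PREFIX, USER_UID, USER_GIDS, R)


def drop_to_sandbox_user(uid: int = SANDBOX_UID, gid: int = SANDBOX_GID) -> bool:
    """Switch this process to the sandbox identity, irreversibly.

    Order matters: supplementary groups and gid first, uid last, because
    after setuid() the process no longer has the privilege to change groups.
    Returns False (and changes nothing) when not running as root.
    """
    if os.geteuid() != 0:
        return False
    os.setgroups([gid, EXCHANGE_GID])   # keep only the sandbox group and the shared channel
    os.setgid(gid)
    os.setuid(uid)
    return os.getuid() == uid and os.geteuid() == uid


if __name__ == "__main__":
    print("sandbox uid can touch user's home :", sandbox_can_touch_user_data())
    print("both can use exchange directory   :", both_can_use_exchange())
    print("user can read the wine prefix     :", user_can_read_wine_prefix())
    print("dropped privileges for real       :", drop_to_sandbox_user())
```

The model shows the point of the thread in both directions: with the home directory at 0700 the sandbox uid gets the "other" triad and sees nothing, while the single exchange directory is reachable from both identities only because both were deliberately placed in its group. A launcher would call `drop_to_sandbox_user()` before exec'ing wine; anything else the sandboxed process needs (X socket, audio) has to be opened just as explicitly.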