Ubuntu 10.10 is coming out soon, and its new kernel settings prevent Wine apps from looking at each others' memory. This breaks World of Warcraft, among other things. See: http://bugs.winehq.org/show_bug.cgi?id=24193
What's needed is a very small shim for Wine that can be setuid 0, but then release all capabilities except what Wine actually needs -- what a normal user has, and cap_sys_ptrace. On an Ubuntu system, this is very similar to what DHCP and PING do -- setuid 0, however they drop all privs except cap_net_rawio at the start. Existing code can be used: http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/dapper/dhcp3/dapper/annotate/head%3A/debian/patches/droppriv.dpatch http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/dapper/dhcp3/dapper/annotate/head%3A/debian/patches/deroot-client.dpatch Basically, I need someone to write this shim for me. The long term solution is probably to just package Wine such that the wine binary itself has cap_sys_ptrace, however currently Ubuntu has no support for this kind of extended attribute in the packaging system so workarounds like the above for DHCP need to be done. I suspect other distros have similar issues. Thanks, Scott Ritchie
