On 09/29/2010 03:14 PM, Scott Ritchie wrote:
Ubuntu 10.10 is coming out soon, and its new kernel settings prevent
Wine apps from looking at each others' memory. This breaks World of
Warcraft, among other things. See:
http://bugs.winehq.org/show_bug.cgi?id=24193
What's needed is a very small shim for Wine that can be setuid 0, but
then release all capabilities except what Wine actually needs -- what a
normal user has, and cap_sys_ptrace.
Pardon my ignorance but why is Ubuntu restricting the ptrace'ing of
processing belonging to the same uid?
On an Ubuntu system, this is very similar to what DHCP and PING do --
setuid 0, however they drop all privs except cap_net_rawio at the start.
Existing code can be used:
http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/dapper/dhcp3/dapper/annotate/head%3A/debian/patches/droppriv.dpatch
http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/dapper/dhcp3/dapper/annotate/head%3A/debian/patches/deroot-client.dpatch
Basically, I need someone to write this shim for me. The long term
solution is probably to just package Wine such that the wine binary
itself has cap_sys_ptrace, however currently Ubuntu has no support for
this kind of extended attribute in the packaging system so workarounds
like the above for DHCP need to be done. I suspect other distros have
similar issues.
Doubt that Fedora has that problem as they are using SELinux to restrict
what processes can do. There is a policy for Wine and rpm supports the
setting of the correct SELinux context on rpm installation/upgrade time.
bye
michael
