Re: No C Drive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, May 29, 2008 at 9:57 PM, oiaohm <wineforum-user@xxxxxxxxxx> wrote:
> austin987 Never ever do the quoted on a Linux system
>
>> $ sudo wineboot
>> $ sudo wine foo.exe
>> will work fine (need some way for users that need raw ICMP/disk
>> access/etc. to work around it)
>
>
> Raw ICMP and Disk access can be granted many other ways without using sudo.  Sudo grants the right to a virus in wine to take out your complete OS.
>
> I normally stick to posix capiblities to grant them.
>
> If you distro is old or don't have posix file capiblities in kernel.
>
> From http://ftp.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4/capfaq-0.2.txt
>
>> How do I start a process with a limited set of capabilities under
>> another uid?
>>
>> Use the sucap utility which changes uid from root without loosing any
>> capabilities.  Normally all capabilities are cleared when changing uid
>> from root.  The sucap utility requires the CAP_SETPCAP capability.
>> The following example starts updated under uid updated and gid updated
>> with CAP_SYS_ADMIN raised in the Effective set.
>>
>> sucap updated updated execcap 'cap_sys_admin=eip' update
>>
>
>
> Or if your kernel has support of file capiblies create a version of wine with a little more permissions. setfcaps -c cap_net_raw=p -e /bin/ping
>
> There has been no reason to run wine on Linux as root since late 2.2 linux kernels and early 2.4 linux kernels.  Personally I really do wish that a bail out patch would get added to wine for all Linux systems.  Even running services there is no reason for wine to be root.
>
>
>
>
>
>

First example I could think of off hand. For power users that need a
way to run as root, that's the way to do so (binding to ports < 1024,
etc.)


[Index of Archives]     [Gimp for Windows]     [Red Hat]     [Samba]     [Yosemite Camping]     [Graphics Cards]     [Wine Home]

  Powered by Linux