On Fri, 2010-11-05 at 09:21 -0500, doh123 wrote: > make a launcher program called wine that is used to launch the program > you want.. that only allows the one you want to be run... anything > else will not run. It will launch by using some other file you've > somehow hidden as the executable for wine... renaming wine to > whatever, maybe a hidden file, or something unsuspecting. > There's a relatively simple way to do that, which doesn't require wine to be renamed, by changing the default PATH definition, though it can be gotten round in exactly the same way as doh123's plot can be circumvented: - create a shell script called wine (details below) - put it in a directory by itself, e.g. /usr/local/wbin - change the default search path so this is always the first directory to be searched. The search path is set up in /etc/profile. In this cast you'd add pathmunge /usr/local/wbin to /etc/profile after the last pathmunge call but before the 'unset pathmunge' line. This means that anybody running 'wine' will always execute your script and 'which wine' will report your script too. The 'wine' script can be something as simple as: #!/bin/bash shift /usr/bin/wine permitted_program $* which will discard the first argument, assumed to be the program name, and pass the remaining arguments to the program you want it to run. Put anything else you need to run the permitted program, such as 'export WINEPREFIX=...' or cd commands, between 'shift', which discards the first argument, and the line that runs wine. Martin > If anyone tries the wine command it'll actually be using your custom > launcher program instead of the real wine executable. Anyone who > finds out what the real wine executable is named will be able to use > it though.... unless you purposefully make it where it cannot run > because it cannot find its libraries unless its launched a certain > way, which you have in your custom launcher program (which can't be a > plain text script or they can just read it easy). That can still be > figured out by enterprising users if they really want to. I cannot > think of any 100% sure way to prevent the "wine" command from being > used as it was designed to be used. > > > >
