Hacker News new | ask | show | jobs
by pxc 1647 days ago
> - No filesystem sandbox.

Every WINEPREFIX defines its own Windows disk drives, so the filesystem is effectively sandboxed. Conventionally, there's (often? always?) a Z:\ drive which points to / on the Linux filesystem, but there doesn't have to be. You can add or remove drive mappings without any additional tools beyond WINE itself, and applications running under WINE can't see files that don't have drives mapped to them, afaik.

Your other two points are correct, though.
1 comments
snvzz 1647 days ago
>Every WINEPREFIX defines its own Windows disk drives, so the filesystem is effectively sandboxed.

No, it is definitely not effectively sandboxed. You only need to access / instead of Z:. Wine has no sandbox mechanisms built in. It is also a fairly large codebase which definitely has a bug or two that could be exploited to get around such mechanisms if they existed.

To effectively sandbox, you need the kernel's help. Linux offers namespaces and control groups.

The way you use these comfortably behind a layer of abstraction is through containers. Bottles uses flatpak for the purpose.

link
pxc 1647 days ago
> No, it is definitely not effectively sandboxed. You only need to access / instead of Z:. Wine has no sandbox mechanisms built in. It is also a fairly large codebase which definitely has a bug or two that could be exploited to get around such mechanisms if they existed.

If you don't have Z:\ enabled, how do you actually access those Unix-like paths? When I launch a WINE command prompt in a prefix with no Z:\ enabled, I get:

  wine: could not open working directory L"unix\\home\\pxc\\", starting in the Windows directory.
  Microsoft Windows 6.1.7601

  unix\home\pxc>dir
  Syntax error

  unix\home\pxc>cd ..

  unix\home>dir
  Syntax error
and so on. What Windows APIs are Windows programs supposed to use that will let them see parts of the Linux filesystem that are not mapped as Windows drives in WINE?

> To effectively sandbox, you need the kernel's help. Linux offers namespaces and control groups.

> The way you use these comfortably behind a layer of abstraction is through containers. Bottles uses flatpak for the purpose.

This is an improvement for sure, but I've never, ever had some WINE program run amok on my hard disk outside of the drives letters defined for it in the WINE configuration.

Thanks for pointing out the more thoroughgoing sandboxing that Bottles uses beyond just the WINE drive mapping, though.

link