|
|
|
|
|
|
by avadodin
154 days ago
|
|
|
Maybe change the name to Wins? Wine is not a Sandbox but come on. Everyone has been using it as if it was. Even Bottles was only a prefix-manager until a couple months ago. I think it should be and also disallow Linux syscalls and Z: drive accesses by default from within the "sandbox" on top of that in order to reduce the attack surface. |
|
|
This is not even remotely sufficient. A malicious application could modify the memory pages of WINE code and execute direct syscalls anyway.
If you want sandboxing, use a Linux sandboxing solution on WINE. It's far too late to try to bolt on sandboxing now.