|
|
|
|
|
|
by ronsor
155 days ago
|
|
|
> I think it should be and also disallow Linux syscalls and Z: drive accesses by default from within the "sandbox" on top of that in order to reduce the attack surface. This is not even remotely sufficient. A malicious application could modify the memory pages of WINE code and execute direct syscalls anyway. If you want sandboxing, use a Linux sandboxing solution on WINE. It's far too late to try to bolt on sandboxing now. |
|
|