Re: Wine Security Disclosure

[TheBlunderbuss]

There should be documentation in place beyond a simple entry in the appdb, since you all know as well as I do that the database does not and cannot cover every piece of software out there. For the most part, people don't even know it exists or they don't use it. There will be documentation about security, explaining what you could do/how you could run Wine and what kind of security that means. eg: Running as root: Programs running under Wine have full access to your system. A malicious program could damage your OS as well as read and write all of your personal files, passwords, etc. Running as user: Programs running under Wine have access to your personal files in ~/ . A malicious program could read and write all files that the user can read and write. Creating a separate user and... Logging into the user from kdm/xdm: Malicious programs can access only the special user's files. If the malicious program deletes this user's files, only the Wine-installed applications are at risk. Running with sudo -u : Same as above. Requires X permissions be transferred and extra setup steps. Relies on no bugs present in the sudo program This level of security info is something everyone should have easy access to and know before starting Wine. Of course, wherever I'm not accurate, feel free to fill in!