On 09/29/2010 07:12 AM, Alexandre Julliard wrote:
> Scott Ritchie <sc...@open-vote.org> writes:
>
>> Ubuntu 10.10 is coming out soon, and its new kernel settings prevent
>> Wine apps from looking at each others' memory. This breaks World of
>> Warcraft, among other things. See:
>> http://bugs.winehq.org/show_bug.cgi?id=24193
>>
>> What's needed is a very small shim for Wine that can be setuid 0, but
>> then release all capabilities except what Wine actually needs -- what a
>> normal user has, and cap_sys_ptrace.
>
> I don't think that's a good idea. CAP_SYS_PTRACE allows access to any
> process, so it's a lot more dangerous than the standard ptrace checks
> that Ubuntu decided to break. Going back to the default behavior is
> probably safer than making Wine setuid...
>

Unfortunately the default behavior can only be set globally, so that
leaves me with:

1) make installing the package cause the global change
2) the above idea
3) do nothing

I'm not sure which is worse, although I know doing nothing breaks a lot
of apps. The long term solutions are described at the bug however.

It would be rather nice if there were a cap_sys_ptrace that were at
least restricted to other processes owned by that user...