On 09/29/2010 07:53 AM, Scott Ritchie wrote:
> On 09/29/2010 07:12 AM, Alexandre Julliard wrote:
>> Scott Ritchie <sc...@open-vote.org> writes:
>>
>>> Ubuntu 10.10 is coming out soon, and its new kernel settings prevent
>>> Wine apps from looking at each others' memory. This breaks World of
>>> Warcraft, among other things. See:
>>> http://bugs.winehq.org/show_bug.cgi?id=24193
>>>
>>> What's needed is a very small shim for Wine that can be setuid 0, but
>>> then release all capabilities except what Wine actually needs -- what a
>>> normal user has, and cap_sys_ptrace.
>>
>> I don't think that's a good idea. CAP_SYS_PTRACE allows access to any
>> process, so it's a lot more dangerous than the standard ptrace checks
>> that Ubuntu decided to break. Going back to the default behavior is
>> probably safer than making Wine setuid...
>>
>
> Unfortunately the default behavior can only be set globally, so that
> leaves me with:
>
> 1) make installing the package cause the global change
> 2) the above idea
> 3) do nothing
>
> I'm not sure which is worse, although I know doing nothing breaks a lot
> of apps. The long term solutions are described at the bug however.
>
> It would be rather nice if there were a cap_sys_ptrace that were at
> least restricted to other processes owned by that user...
>
Actually there's a 4th option that I hadn't realized: apps can give up their own ptrace protection. So Wine can do that for all Wine apps. This should be fairly easy (details at bug report).
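As an added illustration (not code from the thread, from Wine, or from the linked bug report) of the "give up your own ptrace protection" option: the assumption here is that the Ubuntu restriction is the Yama LSM's `kernel.yama.ptrace_scope`, and that the per-process opt-out is the `PR_SET_PTRACER` prctl. The program reads the current scope and then designates a tracer for itself. Passing `PR_SET_PTRACER_ANY` is the broad form a Wine-style setup would need, since any Wine process may need to read another; passing a single pid is the narrower form and is preferable whenever the tracer is known, which is close to the per-user restriction the message above wishes for. In neither case does the opt-out bypass the classic same-uid and dumpable checks, so it is far less sweeping than a setuid shim holding CAP_SYS_PTRACE. The function names and the return-code convention are this example's own.

```c
/* Added example: opting out of Yama ptrace_scope=1 via PR_SET_PTRACER.
 * Assumes a Linux kernel; on a kernel without Yama the prctl fails with EINVAL
 * and the classic uid/dumpable ptrace checks are all that apply. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <unistd.h>

/* Fallbacks for older headers; these are the values the kernel uses. */
#ifndef PR_SET_PTRACER
#define PR_SET_PTRACER 0x59616d61
#endif
#ifndef PR_SET_PTRACER_ANY
#define PR_SET_PTRACER_ANY ((unsigned long)-1)
#endif

/* Read kernel.yama.ptrace_scope.
 * Returns 0..3 on a Yama kernel, or -1 if the sysctl file is absent. */
int read_ptrace_scope(void)
{
    FILE *f = fopen("/proc/sys/kernel/yama/ptrace_scope", "r");
    int scope;
    if (!f) return -1;
    if (fscanf(f, "%d", &scope) != 1) scope = -1;
    fclose(f);
    return scope;
}

/* Designate which process may ptrace the caller under scope 1.
 *   tracer == 0         : revoke any earlier designation
 *   tracer == (pid_t)-1 : PR_SET_PTRACER_ANY (any process of this uid)
 *   otherwise           : only that pid (the narrower choice)
 * Returns 0 on success, 1 if the kernel has no Yama (EINVAL), -1 on any
 * other error with errno left set. */
int relax_ptrace_protection(pid_t tracer)
{
    unsigned long arg = (tracer == (pid_t)-1) ? PR_SET_PTRACER_ANY
                                              : (unsigned long)tracer;
    if (prctl(PR_SET_PTRACER, arg, 0, 0, 0) == 0) return 0;
    if (errno == EINVAL) return 1;   /* Yama not built in or not loaded */
    return -1;
}

int main(void)
{
    int scope = read_ptrace_scope();
    printf("yama ptrace_scope: %d (%s)\n", scope,
           scope < 0  ? "Yama absent, classic checks only" :
           scope == 0 ? "classic checks" :
           scope == 1 ? "ancestors or designated tracer only" :
                        "admin-only or disabled");

    int rc = relax_ptrace_protection((pid_t)-1);
    printf("PR_SET_PTRACER_ANY: %s\n",
           rc == 0 ? "applied" :
           rc == 1 ? "not supported (no Yama)" : strerror(errno));
    return rc < 0 ? 1 : 0;
}
```

Run it once with `ptrace_scope` at 0 and once at 1 to see that the opt-out only matters in the restricted mode; with the scope at 2 or 3 the designation is accepted but does not grant anything, which is exactly the administrator's intent.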