Allow Wine ICMP/ping without running as root

Binary package hint: wine1.2

The program Ping Plotter is a network analysis tool that works under Wine, but only when run as root. Running Wine as root is something that should be avoided, both for security and usability reasons (sudo can mess up the ownership of files in the Wine folder).

One option is to use an SELinux feature and give Wine CAP_NET_RAW capability, which is something that should be done for the system ping as well (which I believe currently runs setuid root). The downside would be that any Windows program could then open raw sockets.

An old mail suggests another possibility: http://www.winehq.org/pipermail/wine-devel/2007-December/061479.html -- splitting Wine into different binaries with different permissions levels. I'm not sure how viable this is, as it would depend on splitting off different parts of the Windows API into secured and non-secured functions and then moving those functions into separate binaries. That would only be useful if there was an actual restricted (non-general) use of raw sockets in the API.

No matter if it's a bug or a linux kernel security limitation. There must be a proper solution!

I would need it for eMule's UploadSpeedSense feature... :(((

try sudo setcap cap_net_raw+epi /usr/bin/wine-preloader

We are closing this bug report because it lacks the information we need to investigate the problem, as described in the previous comments. Please reopen it if you can give us the missing information, and don't hesitate to submit bug reports in the future. To reopen the bug report you can click on the current status, under the Status column, and change the Status back to "New". Thanks again!

Thank you for taking the time to report this bug and helping to make Ubuntu better. My apologies as I should not have marked this Invalid. The issue that you reported is one that should be reproducible with the live environment of the Desktop CD of the development release - Maverick Meerkat. It would help us greatly if you could test with it so we can work on getting it fixed in the next release of Ubuntu. You can find out more about the development release at http://www.ubuntu.com/testing/ . Thanks again and we appreciate your help.

rusivi1 please read the bug reports more carefully before giving automated responses.

CAP_NET_RAW on the Wine binary is not the correct solution, as that gives all Windows programs raw socket capability (which they no longer expect, as Windows itself disabled this around XP service pack 2)

The real solution (also at http://bugs.winehq.org/show_bug.cgi?id=20854) is to have a Wine version of Windows ping.exe, and to give THAT program CAP_NET_RAW. It's possible this can be done by just wrapping the existing system ping program.

Even when this is fixed, it is unlikely to make the Wine1.2 branch in Ubuntu.

this is no more a supported version