Allow Wine ICMP/ping without running as root
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Wine |
Fix Released
|
Wishlist
|
|||
wine1.2 (Ubuntu) |
Invalid
|
Low
|
Unassigned |
Bug Description
Binary package hint: wine1.2
The program Ping Plotter is a network analysis tool that works under Wine, but only when run as root. Running Wine as root is something that should be avoided, both for security and usability reasons (sudo can mess up the ownership of files in the Wine folder).
One option is to use an SELinux feature and give Wine CAP_NET_RAW capability, which is something that should be done for the system ping as well (which I believe currently runs setuid root). The downside would be that any Windows program could then open raw sockets.
An old mail suggests another possibility: http://
Changed in wine: | |
status: | Unknown → Invalid |
Changed in wine: | |
importance: | Unknown → Low |
Changed in wine: | |
importance: | Unknown → Wishlist |
status: | Unknown → Confirmed |
Changed in wine: | |
status: | Confirmed → Fix Released |
$man ping
"SECURITY
ping requires CAP_NET_RAWIO capability to be executed. It may be used as set-uid root."