Wine + firejail = No loss of privacy/security?

Discussion in 'all things UNIX' started by zakazak, Jun 18, 2017.

  1. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    529
    Hello everyone,

    with wine being a layer on the linux system and allowing any windows executable file to run completely on Linux as it would on Windows, I am thinking that wine itself is a great risk in terms of security & privacy?

    So I thought, what about using firejail with Wine to lets all the "windows files" only access certain folders, without internet,.... ? Also what ever I would run, would be killed after a reboot?

    Or should I still try to dodge wine?
     
  2. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,803
    I haven't used wine for a long time - but there is a ready-to-use profile that comes with Firejail. With the included *.inc files a lot of folders/files in home are blacklisted. You might want to add more blacklist rules for your documents or whatever. A neat trick is also to remove the z: drive.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,144
    Yes, Windows malware running with Wine in Linux could pwn you. However, you need to configure stuff in Wine during installation. But maybe malware installers could handle that.
     
  4. Balthazar

    Balthazar Registered Member

    Joined:
    Nov 8, 2013
    Posts:
    166
    Location:
    Earth
    I would dodge wine completely and use Windows on another hard drive. I hardly use Windows but when I need to I just swap hard drives.
     
  5. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    529
    Well, I started using firejail and it has a policy for wine. So now e.g. with Microsoft Word I cannot open anything that is not in the allowed folder (/home/user/Windows/).

    So that should be pretty safe?
     
  6. Balthazar

    Balthazar Registered Member

    Joined:
    Nov 8, 2013
    Posts:
    166
    Location:
    Earth
    I guess so but I think @summerheat is the expert regarding firejail. Let's wait for his opinion. ;-)
     
  7. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,803
    Thanks for the kind words - but I wouldn't say that I'm a Firejail expert, I'm just an interested user ;)

    Well, that's hard to tell as you haven't shown us your your modified profile or rather the specific rules you added. If you want to make sure that only /home/user/Windows can be accessed it's probably best to create a whitelisted profile. In the console I would navigate to ~/.wine and execute firejail --private. Then you should be able to execute, e.g., Word with wine word.exe. The find . command should show you which files/folders are accessed. Many of them are probably already contained in /etc/firejail/whitelist-common.inc which should be added to your profile as suggested in step 3 on that site.
     
  8. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,088
    Location:
    Brasil
    I was wondering the same thing, but I'm not taking chances with WINE.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.