But those are small fries, not “the provider of games”
They have less to loose, then. That’s just as dangerous, if not more.
I’m a small fry too, would you run a binary I send you without any form of sandboxing?
we don’t run games as root
No, we typically run them with the same user that stores all our useful private data and that we typically type our passwords with.
Also, why are you OK with that level of sandboxing? don’t you want more “control”? You say containers are bad, but using user roles to protect parts of the system is ok? why are you not running all as root if you want “control”?
we are speaking about Wine, so what they see is limited to WINEPREFIX
Not really, by default you have access to other drives (Z:\ being /, the fs root), wine is not a perfect sandbox, it’s not designed for that… and if you actually did want it to become one (which ultimately would also lead to a need for memory separation to fight memory-leak attacks) then it would not be that different from what’s being pursued. You’d be essentially building the container in a custom version of wine shipped by Valve on Steam, it does not make any difference in terms of “control”.
I’m a small fry too, would you run a binary I send you without any form of sandboxing?
If you provide a “legal endpoint”, we construct a document proving that you’ve sent me the binary and convince me that it does something I’d like to do, then yes. With such documentation trail that is how running a game works. Of course, in case of games I do rely on the fact that I’m not the only one you’ve sent me the binary, so it probably was inspected by those more non-trusting than me. But I think that is besides the point
The point is, if then, in the middle someone comes in and says “now I’m going to repackage everything Ferk sents you, for now you can inspect the files but I’m introducing distribution tools that will allow me, in the future, to lock you out of that completely”, then I’m not too happy
we typically run them with the same user that stores all our useful private data and that we typically type our passwords with
Pirvate data at rest should be encrypted and if we are afraid of keyloggers in the games, we don’t have to type passwords to important things when we play. Not to mention 2FAs and other measures preventing leaking whole password
Also, why are you OK with that level of sandboxing?
Because now I can freely go into the WINEPREFIX and inspect the files, replace dlls, etc. I can run a program alongside the game with access to its shared memory (remember, it all started from headtracking, which works with shared memory). Once they go “full docker” and add image signing, we can’t change anything
why are you not running all as root if you want “control”?
I think now we are going on a tangent, but running everything as root is the opposite of having control
Not really, by default you have access to other drives (Z:\ being /, the fs root), wine is not a perfect sandbox, it’s not designed for that… and if you actually did want it to become one (which ultimately would also lead to a need for memory separation to fight memory-leak attacks) then it would not be that different from what’s being pursued. You’d be essentially building the container in a custom version of wine shipped by Valve on Steam, it does not make any difference in terms of “control”.
It’s not the binary from developers that I don’t trust. It’s Valve who I don’t trust because they are big (realistically speaking, I don’t have the money to sue them) and are going to be the supplier. I’m not afraid that someone’s game written for Windows, will be ready to infect a Linux system through Wine. I’m afraid that Valve is going to go full EEE on Wine. For now they play nice. But introduction of containerization is introduction of something that will enable them to limit us more and more. Have proton not done that, I would still be only a frog saying “that looks like a pot”. Now, I’m a frog saying “that looks like a pot and I don’t like that temperature has risen 1°”
But those are small fries, not “the provider of games”
WDYM?
They have less to loose, then. That’s just as dangerous, if not more.
I’m a small fry too, would you run a binary I send you without any form of sandboxing?
No, we typically run them with the same user that stores all our useful private data and that we typically type our passwords with.
Also, why are you OK with that level of sandboxing? don’t you want more “control”? You say containers are bad, but using user roles to protect parts of the system is ok? why are you not running all as root if you want “control”?
Not really, by default you have access to other drives (
Z:\being/, the fs root), wine is not a perfect sandbox, it’s not designed for that… and if you actually did want it to become one (which ultimately would also lead to a need for memory separation to fight memory-leak attacks) then it would not be that different from what’s being pursued. You’d be essentially building the container in a custom version of wine shipped by Valve on Steam, it does not make any difference in terms of “control”.If you provide a “legal endpoint”, we construct a document proving that you’ve sent me the binary and convince me that it does something I’d like to do, then yes. With such documentation trail that is how running a game works. Of course, in case of games I do rely on the fact that I’m not the only one you’ve sent me the binary, so it probably was inspected by those more non-trusting than me. But I think that is besides the point
The point is, if then, in the middle someone comes in and says “now I’m going to repackage everything Ferk sents you, for now you can inspect the files but I’m introducing distribution tools that will allow me, in the future, to lock you out of that completely”, then I’m not too happy
Pirvate data at rest should be encrypted and if we are afraid of keyloggers in the games, we don’t have to type passwords to important things when we play. Not to mention 2FAs and other measures preventing leaking whole password
Because now I can freely go into the WINEPREFIX and inspect the files, replace dlls, etc. I can run a program alongside the game with access to its shared memory (remember, it all started from headtracking, which works with shared memory). Once they go “full docker” and add image signing, we can’t change anything
I think now we are going on a tangent, but running everything as root is the opposite of having control
It’s not the binary from developers that I don’t trust. It’s Valve who I don’t trust because they are big (realistically speaking, I don’t have the money to sue them) and are going to be the supplier. I’m not afraid that someone’s game written for Windows, will be ready to infect a Linux system through Wine. I’m afraid that Valve is going to go full EEE on Wine. For now they play nice. But introduction of containerization is introduction of something that will enable them to limit us more and more. Have proton not done that, I would still be only a frog saying “that looks like a pot”. Now, I’m a frog saying “that looks like a pot and I don’t like that temperature has risen 1°”