Date:      Tue, 25 Apr 2017 20:02:18 +0200
From:      Polytropon <freebsd@edvax.de>
To:        Manish Jain <bourne.identity@hotmail.com>
Cc:        "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   Re: Is it possible to enforce noexec for Wine on ntfs partition ?
Message-ID:  <20170425200218.cbbf375c.freebsd@edvax.de>
In-Reply-To: <VI1PR02MB1200E6565E3AE47DD0AD413FF61E0@VI1PR02MB1200.eurprd02.prod.outlook.com>
References:  <VI1PR02MB1200E6067CAC56CF36BB0B31F61E0@VI1PR02MB1200.eurprd02.prod.outlook.com> <20170425192117.c1b04abc.freebsd@edvax.de> <VI1PR02MB1200E6565E3AE47DD0AD413FF61E0@VI1PR02MB1200.eurprd02.prod.outlook.com>

On Tue, 25 Apr 2017 17:37:59 +0000, Manish Jain wrote:
> On Tue, Apr 25, 2017 at 10:51 PM, Polytropon <freebsd@edvax.de> wrote:
> Note that I cannot enable this behavior with '-o noexec' : that only disables execution of binaries by the kernel itself, not the emulation layer - which just needs read access.
> Correct. "Windows" programs aren't executed in a manner that it would be triggered by the -noexec mechanism.
> 
> 
> Hi Poly/others,
> 
> But it should be possible to make this a configurable option for
> emulators/wine and emulators/i386-wine. For volumes mounted with
> noexec passed to ntfs-3g/fuse, Wine honours the noexec
> behaviour everywhere under the volume. That makes good sense to me.

Maybe a "wrapper" that calls wine could implement this specific
check? When the "executable" resides in a volume where noexec is
enabled, wine (the program which is actually executed) will refuse
to load the "Windows" program. It could use the following approach:

1. determine full path of argument given to wine
2. grep in `mount -v` for path, then for "noexec"
3. if it's set, print an error message, else call wine

Just an idea.


-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
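
The three steps suggested in the message above, as an added example that is
not part of the original e-mail and not code from the wine ports. The names
wine_guard and on_noexec_mount, the sample mount lines and the assumed
FreeBSD mount output format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): refuse to start wine for a program
# that lives on a volume mounted noexec.
# Assumption: FreeBSD-style mount output, "<dev> on <mountpoint> (<opts>)".

# Constructed sample of mount output, for trying the check offline.
SAMPLE_MOUNTS='/dev/ada0p2 on / (ufs, local, journaled soft-updates)
/dev/fuse on /mnt/win (fusefs.ntfs, local, noexec, synchronous)
/dev/fuse on /mnt/win/apps (fusefs.ntfs, local, synchronous)'

# on_noexec_mount PATH: reads mount output on stdin and returns 0 when the
# longest mount point containing PATH has the noexec option set. Matching
# whole path components keeps /mnt/windows from matching /mnt/win, and
# taking the longest match handles nested mounts; a plain grep does neither.
on_noexec_mount() {
    TARGET_PATH="$1" awk '
    BEGIN { p = ENVIRON["TARGET_PATH"] }
    {
        s = index($0, " on "); e = match($0, / \([^()]*\)$/)
        if (!s || !e || e <= s) next
        mp = substr($0, s + 4, e - s - 4)
        opts = ", " substr($0, e + 2, RLENGTH - 3) ","
        pre = (mp == "/") ? "/" : mp "/"
        if ((p == mp || index(p, pre) == 1) && length(mp) > best) {
            best = length(mp)
            hit = (index(opts, ", noexec,") > 0)
        }
    }
    END { exit (hit ? 0 : 1) }'
}

# wine_guard PROGRAM [ARGS...]: steps 1 to 3 from the message.
# Assumes PROGRAM is a Unix path; realpath also resolves symlinks, so a
# link placed outside the volume does not hide where the file really is.
wine_guard() {
    target=$(realpath -- "$1") || return 1
    if mount -v | on_noexec_mount "$target"; then
        echo "wine_guard: $target is on a noexec volume, not starting wine" >&2
        return 126
    fi
    shift
    exec wine "$target" "$@"
}

if [ "$#" -gt 0 ]; then wine_guard "$@"; fi
```

The check only applies when wine is started through the wrapper; running
the real wine binary directly skips it.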
