Is it possible to enforce noexec for Wine on ntfs partition ?
freebsd at edvax.de
Tue Apr 25 18:02:24 UTC 2017
On Tue, 25 Apr 2017 17:37:59 +0000, Manish Jain wrote:
> On Tue, Apr 25, 2017 at 10:51 PM, Polytropon <freebsd at edvax.de> wrote:
> Note that I cannot enable this behavior with '-o noexec' : that only disables execution of binaries by the kernel itself, not the emulation layer - which just needs read access.
> Correct. "Windows" programs aren't executed in a manner that it would be triggered by the -noexec mechanism.
> Hi Poly/others,
> But it should be possible to make this a configurable option for
> emulators/wine and emulators/i386-wine. For volumes mounted with
> noexec passed to ntfs-3g/fuse, Wine honours that the noexec
> behaviour everywhere under the volume. That makes good sense to me.
Maybe a "wrapper" that calls wine could implement this specific
check? When the "executable" resides in a volume where noexec is
enabled, wine (the program which is actually executed) will refuse
to load the "Windows" program. It could use the following approach:
1. determine full path of argument given to wine
2. grep in `mount -v` for path, then for "noexec"
3. if it's set, print an error message, else call wine
Just an idea.
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
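The three steps suggested in the mail, as an added example that is not part of the original message or of the Wine ports. The names `mount_is_noexec`, `wine_guard` and `SAMPLE_MOUNTS` are hypothetical, the mount lines are constructed, and the parser assumes FreeBSD `mount` output with no " on " inside device names. Instead of a plain grep for the path, it picks the longest mount point containing the resolved path, so a symlink or a nested mount does not give a wrong answer.

```shell
#!/bin/sh
# Added example (not from the original mail): wine wrapper for steps 1-3.
# Assumes FreeBSD mount(8) lines: "<dev> on <mountpoint> (<opt>, <opt>, ...)".

# Constructed sample of mount output, used only for offline checks.
SAMPLE_MOUNTS='/dev/ada0p2 on / (ufs, local, journaled soft-updates)
devfs on /dev (devfs, local, multilabel)
/dev/fuse on /mnt/win (fusefs, local, noexec, synchronous)
/dev/ada0p4 on /mnt/win/tools (ufs, local)'

# mount_is_noexec PATH: reads mount output on stdin, returns 0 when the
# longest mount point containing PATH lists the noexec option.
mount_is_noexec() {
    WG_PATH=$1 awk '
    BEGIN { p = ENVIRON["WG_PATH"] }
    {
        s = index($0, " on ")
        o = match($0, / \([^()]*\)$/)
        if (s == 0 || o <= s + 3) next
        mp = substr($0, s + 4, o - s - 4)
        opts = ", " substr($0, o + 2, RLENGTH - 3) ","
        # Compare on a path-component boundary: /mnt/win must not match /mnt/windows.
        if (mp == "/" || p == mp || index(p, mp "/") == 1)
            if (length(mp) > best) {
                best = length(mp)
                hit = (index(opts, ", noexec,") > 0)
            }
    }
    END { exit(hit ? 0 : 1) }'
}

# wine_guard PROGRAM [ARGS...]: step 1 resolve, step 2 check, step 3 refuse or run.
wine_guard() {
    # realpath follows symlinks, so a link on an exec volume is checked at its target.
    exe=$(realpath -- "$1") || { echo "wine-guard: cannot resolve $1" >&2; return 1; }
    if mount -v | mount_is_noexec "$exe"; then
        echo "wine-guard: $exe is on a noexec mount, refusing to start it" >&2
        return 126
    fi
    exec wine "$@"
}

# Do nothing when sourced or run without arguments.
if [ "$#" -gt 0 ]; then wine_guard "$@"; fi
```

The check applies only to programs started through the wrapper; calling `wine` directly, or a Windows program that loads another one, is not covered by it.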