On 22.08.2016 15:14, Rosanne DiMesio wrote:
On Mon, 22 Aug 2016 00:24:29 -0300 Bruno Jesus 00cpxxx@gmail.com wrote:
On Sat, Jul 23, 2016 at 1:57 AM, Bruno Jesus 00cpxxx@gmail.com wrote:
Hi, I would like to please call for attention on bug https://bugs.winehq.org/show_bug.cgi?id=39884
As far as I understand there are only benefits to users if we allow .exe files to run through binfmt, would it pose any kind of problem to add this configuration to our packages?
It looks like nobody think it is a problem so I'll ask it to be added in order to resolve the bug.
What are the security implications? Won't this make it easier for malware to execute without being Wine-aware, or am I just being paranoid?
We don't enable binfmt in Debian for exactly this reason (see https://bugs.debian.org/819255). So I'd also be interested in other opinions.
E.g. above mentioned bug already states: "[binfmt] is also helpful for security because it allows each Windows program to be run with different AppArmor profile." However this doesn't require automatically enabled binfmt support, just the possibility to do so.
Greets jre