From owner-freebsd-hackers@FreeBSD.ORG Sun Dec 7 16:34:42 2003
From: Julian Stacey
Message-Id: <200312080033.hB80XMGL005777@tower.berklix.org>
To: hackers@freebsd.org
In-Reply-To: Message from Chris BeHanna of "Sun, 07 Dec 2003 01:19:11 EST." <200312070119.11987.chris@behanna.org>
cc: jau@iki.fi
cc: chris@behanna.org
Subject: Re: running wine automatically as a shell for w32 binaries
List-Id: Technical Discussions relating to FreeBSD
Date: Mon, 08 Dec 2003 00:34:42 -0000
X-Original-Date: Mon, 8 Dec 2003 01:33:22 +0100 (CET)

Chris BeHanna wrote:
> On Saturday 06 December 2003 10:19, Julian Stacey wrote:
> > > Hi all,
> > > I wrote a new imgact function for FreeBSD to start wine
> > > automatically as a sort of an "interpreter" for windows
> > > binaries.
> > >
> >
> > Great idea ! If this small diff gets tested & merged into src/
> > automatic MS support will be a real plus.
>
> With the weekly proliferation of MS worms, trojans, and viruses,
> do you *really* think this is a good idea?
>
> Yeah, it's neat, nifty, and cool, but it comes with substantial
> risk.

No risk to a normal BSD src/ based system if EG ports/emulators/wine
is not installed, presumably ? Or if anything is dangerous, & not yet
switchable, could it be a sysctl or kernel option ?

I wouldn't suggest installing wine +MS apps on `real' BSD servers &
workstations, but for companies transitioning from MS to BSD, they
could install wine on their PCs, & use legacy MS support easier,
reducing MS to FreeBSD migration costs, boosting FreeBSD adoption.

BTW I'm no MS apologist/lover: My many machines all run pure BSD,
(except one DOS 8086) No MS-Win excrement. No wine either except on
ports build engines. Most people use MS though, so automatic support
could help migration to BSD.

Example: City of Munich are dumping Microsoft from 10,000 office PCs
(& going Linux)
	http://berklix.com/~jhs/stadtmuenchen/
	http://www.heise.de/newsticker/data/mgo-13.04.02-000/
Migration / retraining costs were major factors in the decision.
Ease the migration from MS & more can escape MS for BSD.

Risk: I wouldn't install MS excrement on normal BSD systems, but
companies migrating from MS could install BSD + wine etc on their
ex MS PCs.

BTW I'd suggest a `sandbox' login for BSD admins to test & use MS
support in, (& for use by migrating MS users).

Even if all the BSD system above the home dir. had correct safe
permissions, a BSD user running MS support wouldn't be safe: an MS
virus or rogue program could still run berserk in & under the home
directory, but that's a risk for MS users no worse than they already
take.

Example Precautions Similar to Mozilla:
I use mozilla in 2 modes: java & cookies off under my own login,
& a 2nd empty login owning no files, used via
	rlogin localhost -l jhs-untrusted
	xauth merge /tmp/xyz; setenv DISPLAY user:0
for mozilla with java & cookies & later flash
(ports/www/flashplugin-mozilla) turned on.

Anyone running wine + MS apps etc could do similar, just copying
the files needed to the untrusted sandbox/ login, then copying back
to the normal safe ~ directory when finished.

-
Julian Stacey. Munich Unix & Net Consultant. http://berklix.com
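
The copy-in / copy-back routine described above, as an added example that is not part of the original post. The function names (check_pair, stage_in, stage_out) and the directory layout are assumptions; the point is that anything coming back from the untrusted login is treated as hostile.

```shell
#!/bin/sh
# Added example, not from the original post: stage files between a trusted
# home directory and an untrusted sandbox login. Names are hypothetical.
# The checks and the copy are not atomic, so run these only after every
# process of the untrusted login has exited.

# check_pair SRC DEST: accept only a plain file as source, and never write
# through an existing name. A symlink planted on either side would make cp
# read or overwrite a file the trusted user owns.
check_pair() {
    [ ! -L "$1" ] && [ -f "$1" ] ||
        { echo "not a regular file: $1" >&2; return 1; }
    [ ! -L "$2" ] && [ ! -e "$2" ] ||
        { echo "destination already exists: $2" >&2; return 1; }
}

# stage_in FILE SANDBOX_DIR: hand one data file to the untrusted login.
stage_in() {
    dest=$2/$(basename -- "$1")
    check_pair "$1" "$dest" || return 1
    cp -- "$1" "$dest" && chmod 0644 "$dest"
}

# stage_out FILE TRUSTED_DIR: take one result back into the trusted home.
stage_out() {
    name=$(basename -- "$1")
    # Dotfiles (.profile, .cshrc, .xinitrc ...) would be executed or read
    # by the trusted account at its next login.
    case $name in
        .*) echo "refusing dotfile: $name" >&2; return 1 ;;
    esac
    check_pair "$1" "$2/$name" || return 1
    # Mode 0600 leaves no execute bits on what comes back.
    cp -- "$1" "$2/$name" && chmod 0600 "$2/$name"
}
```

Source the file and call stage_in or stage_out once per file; both refuse directories, so an archive has to be unpacked and inspected on the untrusted side first.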