top | item 46637169

(no title)

jprjr_ | 1 month ago

There's actually a couple of reasons for Windows apps to make Linux syscalls. I'm pretty certain this is how VST bridging software works so you can use Windows VSTs in Linux DAWs.

The technique is also used in Discord RPC Bridge for Wine - allows Wine apps to communicate with Linux Discord - https://github.com/EnderIce2/rpc-bridge

discuss

avadodin|1 month ago

The average user expectation is probably not that any random exe they download from the piratehub or whatever can actually run Linux shellcode on their system.

I think all syscalls should be landlocked by default(It might require a novel kernel-assisted mechanism to keep existing official Wine libraries working, not sure).

Some of these programs with Wine support will have to get grandfathered in, of course, but at least let the user add them to a white list with a confirmation popup.

"This program wants to run Linux h4x0r shellcode. Allow?"

And then of course provide a mechanism so that new Wine-aware applications can interact with Linux features in a safer way.

ronsor|1 month ago

Users shouldn't be running random executables. Wine is not a sandbox!

nice_byte|1 month ago

it would be hard to say whether a given program making a syscall is trying to do a native linux sys call or a "naked" windows syscall (something that some windows programs actually do).

but yeah, somehow intercepting syscalls is a prerequisite for either emulating these naked windows syscalls or notifying the user about the native linux ones.