Thread 106233240

Can it effectively sandbox pirated games? Can it do so better than Windows can? If so, how?

>sandbox pirated games
what do you mean?

>>106233276
He's probably referring to the wine prefix that gets created to make games run.

>>106233240 (OP)
apparmor + firejail

>>106233327
considering he hasn't answered yet, it shows he had no idea what he was asking.

>>106233240 (OP)
install gentoo

>>106233240 (OP)
Just buy more ram and run your cracks in a vm. You should've probably been doing this anyway.

>>106234911
vm have access to mother board and literally can write in its bios

My cat shit in your sandbox

>>106233240 (OP)
Yeah, wine has builtin sandboxing

>>106233240 (OP)
By default if you just use steam+proton, or lutris/heroic/bottles/wine/winetricks you aren't sandboxing shit, any virus you execute if it's built as OS agnostic can grab your data or do whatever is it's intended purpose. You need to use a VM with GPU passthrough to properly sandbox

>>106233240 (OP)
the only sandbox you can get is a separate machine, disconnected from the network
period

You can try bwrap, there's a million options so I never got it working, separate user account would be the easiest I believe.

if by "sandbox" you mean "make random cracked games I install 100% safe from viruses" then no. but you can reduce the risk. I only download the Windows versions of games from reputable sources so that there's less chance of a virus, or if there is one, that it'll be effective on Linux. then I use bubblejail to restrict access to my files and disable networking. then launch the games through Bottles with bubblejail as a launch option.

>>106236115
>unplug; run; reboot; and plug it back
You don't know how malware works, do you

vm autism is the only real option linuxers have.

>>106233240 (OP)

Piracy involves violence
What do you mean anon?

>>106236149
not particularly. so how exactly is this not going to be useful? in a Windows program someone would have to include Linux malware that escapes both wine and bubblewrap to gain control of my system. possible, but highly unlikely that's I'm gonna come across it cracking games.

Yeah. I'm too retarded for the AppArmor stuff though.

>>106233240 (OP)
Bottles with Flatpak is sandboxed but I'm not sure how secure that is.

>>106233240 (OP)
you are never 100% safe, just download your stuff from a reputable sauce.

>>106236529
>in a Windows program someone would have to include Linux malware
Do you think that "including linux malware" in bing bing waaaho would be something niche and obscure considering how the biggest idiots (gamers) are following their eceleb leaders and migrating to linux?

Did you seriously think you're unique and special?

>>106233240 (OP)
don't use X.org
create container
win

>>106236797
Linux users are still less than 3% of gamers according to the Steam survey. so yeah, I think the vast majority of hackers aren't gonna bother.

>>106236797
it would still be hard. Linux users are more diverse than Wincucks.
some lintards may be using uncontainerized steam to run their bing bing wahoo, while others may be using Bottles in a flatpak with flatseal tweaked to minimize exposure.

unless these fucks have some 0 day linux kernel exploit that they can leverage from a container with a limited view of /dev and other stuff or can break out of bubblewrap (bwrap) it's meaningless. The barrier of entry to bypass sandboxing on Linux is drastically higher than Windows by so much that even Windows is moving towards containerization (limited to winshit server using Docker(tm) so far).

>>106236889
Just no, what you said is stupid and you should stay with windows because your kind of stupid is incurable and dangerous to others.

>>106236890
Your kind of stupid is also bad but you're tryingby using the word salad.
You're running renamed namespaces.
Linux is not as diverse as you may think.
Malware can escape namespaces and it will get only worse.

>>106237112
ok retard. post PoC or GTFO.
you're like the tards who'd say this, send me a trivial TIOCSTI bullshit 'sploit and think I'm dumb and don't know how to handle pty's.

>>106233437
It's a jeetthread by Gurupartap Davis.

>>106233240 (OP)
you should not pirate games if you are using linux. You need to support linux devs

>>106237561
I thought the point of Linux was free software.

>>106237630
it is. But It's also about choices. fren there will always be a free alternative to propetary software.

>>106237630
Free as in free speech, not as in free beer, right?

>>106233240 (OP)
if you're running it through an emulator like wine/proton isn't it inherently "sandboxed"?

>>106237776
no, have you used wine before? there's a Z: drive it has access to all your shit

>>106237776
>emulator like wine
Wine is an acronym that stands for something.

>>106236687
>/bin/sh
>pipefail with not pipes
pretty sure pipefail is not posix, if it's only a command do you really need those options?

>>106233240 (OP)
Linux->KVM->GPU passthrough->Windows 10->Pirated game

>>106238557
>GPU passthrough
Don't you need 2 GPUs for this?

>>106238581
i think you can run 1, but 2 is probably recommended
i pass through an nvidia and use an amd for the host gpu.

>>106237776
>emulator
>wine
pottery

>>106238178
wine is an emulator whatever it trans-calls trans-itself

>>106240396
It by definition is not.

>>106240458
exactly by definition it is

>>106241000
in the same way trans woman are woman! you tell them sis!

>>106235109
At the moment this is very uncommon. Even Linux viruses are distro specific (lots will just exit if you’re running on anything that isn’t Ubuntu). I’m sure more like this will pop-up in future. I can see WINE adding more robust access controls as well to prevent access to the native file system.

If you care about this shit, run QUBEs or something, or run your cracks in a VM with GPU pass through.

>>106241088
definition is not a name, you dimwit
creatures with xy-chromosomes are males by definition

>>106237112
If someone finds an easy container escape they’re not going to use it just to run info-stealers. That shit would be worth a lot, whether sold to state actors or companies. It’d also get patched very quickly, because the primary users of containers are enterprise server farms.

>>106241000
It's a compatibility layer not an emulator dimwit. It only translates API calls.

>>106235109
If a virus is truly "OS agnostic" shouldn't it be able to detect that it is running in a guest OS, and exploit the architecture of the interface between guest and host? I mean, your guest OS has to have very low level access to your host for all of the devices to work, even if the access is facilitated through a proxy (virtualization engine) its still there.
Seems dangerous.

>>106241166
>doesn't know the difference between a compatibility layer and an emulator
>calls others dimwits
Dunnikrug pottery

>>106237776
wine is a linker for PE32 binaries which comes with assorted PE32 DLLs to provide Win32 / WinRT / whatever the fuck features and APIs.

the only emulator layers that exist in WINE are syscall emulators and NT Synchronization objects via a server process.

>>106233240 (OP)
get them from a reputable source and hope for the best! don't forget virustotal!

>>106233240 (OP)
With wine you can trivially sandbox as-is, otherwise you can use bubblewrap or firejail