Anonymous
9/14/2025, 7:09:25 PM
No.106585479
>>106585336
>I am actually gonna try infecting my VMs with wanacryptor to see if it breaks sandboxing
Keep in mind that Wine isn't sandboxed by default if you install the system package. Something like WannaCry can still infect your system, at least that was the case a decade ago when people tested it. I'm pretty sure executables can break out of the Wine prefix into your /home even if there's no link to your /home in the Wine prefix. And I'm not sure this was ever "fixed" because the whole point of having a system-wide Wine install is to seamlessly run Windows software and actually give it access to your /home and even in some cases your system.
Bottles, on the other hand, is running Wine within a Flatpak sandbox. It should be significantly more isolated from your system compared to a default system-wide Wine installation.
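
The prefix-to-host links mentioned in the post above can be listed with a short audit. This is an added example, not part of the original post. It assumes the default prefix layout (`dosdevices/` drive mappings, profile folders under `drive_c/users/`) and GNU `find`/`readlink`; the function name `audit_wine_prefix` is hypothetical.

```shell
#!/bin/sh
# Added example: report symlinks in a Wine prefix that resolve outside it.
# Assumption: default layout, where dosdevices/ maps drive letters
# (c: -> ../drive_c, z: -> /) and profile folders may link into $HOME.

# Prints "EXPOSED <link> -> <target>" for each symlink leaving the prefix.
# Exit status: 0 = none found, 1 = at least one found, 2 = bad argument.
audit_wine_prefix() {
    prefix=${1:-${WINEPREFIX:-$HOME/.wine}}
    [ -d "$prefix" ] || { echo "no such prefix: $prefix" >&2; return 2; }
    root=$(readlink -f -- "$prefix")

    report=$(
        # find does not follow symlinks, so z: -> / is listed, not walked.
        find "$root" -maxdepth 5 -type l | while IFS= read -r link; do
            # Resolve fully; dangling links fail to resolve and are skipped.
            target=$(readlink -e -- "$link") || continue
            case "$target" in
                "$root"|"$root"/*) ;;   # stays inside the prefix
                *) printf 'EXPOSED %s -> %s\n' "${link#"$root"/}" "$target" ;;
            esac
        done
    )

    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

A clean result only means no filesystem mappings point outside the prefix. Wine still runs programs as ordinary processes under your user account, so this check does not show isolation.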