Ubuntu – Does linux have a signature system for executables

Short answer: no practical danger yet, but read on for a better way...

What's this ptrace thing anyway?

this is due to a bug in the Ubuntu kernel that prevents ptrace and WINE playing well together.

• No, ptrace protection is a deliberate kernel security measure first introduced around Ubuntu 10.10. It's not a bug, and so isn't going to be "fixed".

• In simple terms, the default ptrace_scope value of 1 blocks one process from examining and modifying another process unless the second process (child) was started by the first process (parent).

• This can cause problems with some programs under Wine because of the way wineserver provides "Windows Services" to these programs.

What are the risks in setting ptrace_scope to 0?

• This restores the old behavior where one process can "trace" another process, even if there is no parent-child relationship.

• In theory, a piece of malware can use this to harm you/your computer; e.g. it can attach to Firefox and log all of your URLs/passwords, etc. In practice this is extremely unlikely unless you blindly install binary debs from random sites, etc.

• As far as debugging goes, the 0 settings is in fact required for gdb, strace, etc. to attach to non-children unless you run them with elevated privileges (sudo).

What are the problems with the workaround?

• The workaround is somewhat problematic because ptrace_scope is a global value, and while it's set to 0, all processes on your system are exempt from the non-child restriction.
• If you use the workaround, put it in a simple bash script that enables it, runs your Windows program and then disables (sets to 1) on exit.
  • DO NOT make ptrace_scope world-writable (666) as the forum post recommends -- that is a huge security risk because now any process can change it at will!

Is there a better solution?

• A better solution which is more secure and does not require repetitively modifying ptrace_scope is to grant Wineserver ptrace capabilities.

  • In a terminal:

    sudo apt-get install libcap2-bin 
    sudo setcap cap_sys_ptrace=eip /usr/bin/wineserver
    sudo setcap cap_sys_ptrace=eip /usr/bin/wine-preloader
    

  • This exempts the wineserver and wine-preloader binaries from the non-child ptrace restriction, and allows them to ptrace any process.

  • It only needs to be done once, and is safer because these binaries are usually from a trusted source - the official repositories or the official Wine PPA, so they aren't going to be malware.

If you're using Crossover

Install libcap2:

sudo apt-get install libcap2-bin;

Then, add an exception for Crossover:

sudo setcap cap_sys_ptrace=eip /opt/cxoffice/bin/wineserver;
sudo setcap cap_sys_ptrace=eip /opt/cxoffice/bin/wine-preloader;

Finally, add its libraries to ld.so.conf (or you will get "error while loading shared libraries: libwine.so.1: cannot open shared object file: No such file or directory"):

echo /opt/cxoffice/lib/ | sudo tee /etc/ld.so.conf.d/crossover.conf
sudo /sbin/ldconfig

Wayland is supposed to be a complete replacement for X, not an addon, and it addresses the problems which concern you. Note that at the moment Wayland is not production ready and there is limited driver and toolkit support for it.

It seems that Ubuntu does not have any plans to integrate Wayland at the moment, and wants to create its own display server called Mir, which may also address some of your security concerns. Mir is also not ready for general use.

DirectFB is a bare bones solution for embedded systems which gives programs direct access to the video card's framebuffer. It does not have any security mechanisms.

Another solution is not to run a GUI at all.