Bug 369167 - app-emulation/wine: allow only users in the wine group to use wine
Summary: app-emulation/wine: allow only users in the wine group to use wine
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal enhancement
Assignee: Wine Maintainers
Reported: 2011-05-29 10:54 UTC by Andrew Savchenko
Modified: 2011-05-31 12:46 UTC
Attachments
wine-1.3.21.ebuild.patch (wine-1.3.21.ebuild.patch,1.01 KB, patch)
2011-05-29 10:55 UTC, Andrew Savchenko
wine-1.3.21.ebuild.patch (wine-1.3.21.ebuild.patch,1.21 KB, patch)
2011-05-29 17:45 UTC, Andrew Savchenko

Description Andrew Savchenko gentoo-dev 2011-05-29 10:54:06 UTC
Hello,

currently wine is installed so that any user on a system may use it. Taking into account that running Windows applications involves additional severe risks, it would be wise to limit wine usage to only trusted/isolated users per root's decision.

Also, the official wine FAQ recommends using at least a separate user to run wine applications:
http://wiki.winehq.org/FAQ#head-3cb8f054b33a63be30f98a1b6225d74e305a0459
"If you're running applications that you suspect to be infected, run them as their own Linux user or in a virtual machine."

Of course, using SELinux and/or a virtual machine will improve security even more, but user isolation is the first step; it costs nothing and will help at least partially.

I propose to add a wine group, to change the wine binary/library group to wine, and to set g-w,o-rwx permissions. Thus users willing to change nothing may just add themselves to the wine group; otherwise they are free to create a separate user and add it to the wine group. This approach will also ease root's work on multiuser systems where wine needs to be used, but restricted for several users.
Comment 1 Andrew Savchenko gentoo-dev 2011-05-29 10:55:12 UTC
Created attachment 275013
wine-1.3.21.ebuild.patch

Patch for the latest wine ebuild with changes proposed above.
Comment 2 Andrew Savchenko gentoo-dev 2011-05-29 17:45:16 UTC
Created attachment 275035
wine-1.3.21.ebuild.patch

The previous version produced a lot of chmod/chown errors because the path pattern was expanded in the root filesystem before being applied to the install root. This version generates a file listing and uses it explicitly.
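
The restriction proposed in the description, combined with the listing approach from comment 2, as an added example that is neither the attached patch nor part of any comment. The function names are hypothetical, a temporary directory stands in for the install root, and the caller's own gid stands in for the wine group so the script runs without root.

```shell
#!/bin/sh
# Added example; not the attached ebuild patch.
# ROOT plays the role of the install root; the group is a stand-in for "wine".

# restrict_tree ROOT GROUP PATTERN...
# Patterns are relative to ROOT and must be passed quoted, so that find
# matches them inside ROOT instead of the shell expanding them against /.
restrict_tree() {
    root=$1 group=$2
    shift 2
    for pattern in "$@"; do
        find "$root" -path "$root/$pattern" ! -type l \
            -exec chgrp "$group" {} + -exec chmod g-w,o-rwx {} +
    done
}

# world_accessible ROOT PATTERN...
# Audit: print matching files that still grant any permission to "other".
world_accessible() {
    root=$1
    shift
    for pattern in "$@"; do
        find "$root" -path "$root/$pattern" ! -type l \
            \( -perm -004 -o -perm -002 -o -perm -001 \) -print
    done
}

# mode_of FILE: the permission string as shown by ls, e.g. -rwxr-x---
mode_of() { ls -ld "$1" | cut -c1-10; }

# make_sample_tree: builds a constructed staging tree and prints its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/usr/bin" "$t/usr/lib/wine"
    : > "$t/usr/bin/wine"; : > "$t/usr/bin/wineserver"
    : > "$t/usr/bin/unrelated"; : > "$t/usr/lib/wine/ntdll.dll.so"
    chmod 755 "$t/usr/bin/"* "$t/usr/lib/wine"
    chmod 664 "$t/usr/lib/wine/ntdll.dll.so"
    echo "$t"
}

tree=$(make_sample_tree)
restrict_tree "$tree" "$(id -g)" 'usr/bin/wine*' 'usr/lib/wine*'
world_accessible "$tree" 'usr/bin/*' 'usr/lib/*'  # prints only .../usr/bin/unrelated
rm -rf "$tree"
```

Symbolic links are skipped because chmod and chgrp would otherwise act on the link target, which may lie outside the staging tree.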
Comment 3 Wormo (RETIRED) gentoo-dev 2011-05-31 05:57:07 UTC
Thanks for submitting your enhancement, assigning to wine maintainers to take a look.
Comment 4 SpanKY gentoo-dev 2011-05-31 12:46:05 UTC
that recommendation is conditional: "... you suspect to be infected, ..."

i don't see anyone else doing this, so for now, i'll decline making this change