• Max-P@lemmy.max-p.me
          1 year ago

          It’s not a sandbox, even though it somewhat acts like one.

          There’s not a whole lot preventing a Windows exe from containing Linux code and executing it and effectively “breaking out” of the “sandbox”. Wine presents a Windows-compatible view of the system but there isn’t anything really locking it down/preventing the executable from calling the Linux functions instead. It mostly just converts between the PE and ELF binary formats and provides the Windows libraries and interfaces.

          So, it has a slight sandboxing effect but it’s essentially security through obscurity and Windows programs generally not expecting to have a whole Linux environment available.

          A real sandbox enforces restrictions and makes it so you have to exploit the sandbox to break out of it. A good chunk of Wine is just Windows DLLs built with Linux awareness to do the plumbing; there’s no clear solid separation of both worlds.
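
A check that follows from the comment above, added here as an example and not part of the original post: whether a process started under Wine has any kernel-enforced syscall restriction, read from the `Seccomp` and `NoNewPrivs` fields of `/proc/<pid>/status`. The sample status texts and the process name `app.exe` are constructed for illustration.

```python
import sys

# Values of the "Seccomp" field in /proc/<pid>/status.
SECCOMP_MODES = {"0": "disabled", "1": "strict", "2": "filter"}

# Constructed samples of /proc/<pid>/status, trimmed to the relevant fields.
PLAIN_WINE = "Name:\tapp.exe\nNoNewPrivs:\t0\nSeccomp:\t0\nSeccomp_filters:\t0\n"
WRAPPED_WINE = "Name:\tapp.exe\nNoNewPrivs:\t1\nSeccomp:\t2\nSeccomp_filters:\t1\n"
NO_SECCOMP_FIELD = "Name:\tapp.exe\n"  # field absent: kernel reports nothing


def parse_status(text):
    """Turn 'Key:<tab>value' lines into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def confinement(text):
    """Summarise the syscall restrictions visible in a status file."""
    f = parse_status(text)
    mode = SECCOMP_MODES.get(f.get("Seccomp"), "unknown")
    return {
        "name": f.get("Name", "?"),
        "seccomp": mode,
        "no_new_privs": f.get("NoNewPrivs") == "1",
        # Only strict or filter mode means the kernel refuses syscalls,
        # whichever library layer (Windows DLL or libc) issued them.
        "syscalls_restricted": mode in ("strict", "filter"),
    }


def check_pid(pid):
    """Same summary for a live process on a Linux host."""
    with open(f"/proc/{pid}/status") as fh:
        return confinement(fh.read())


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(check_pid(sys.argv[1]))
    else:
        for sample in (PLAIN_WINE, WRAPPED_WINE, NO_SECCOMP_FIELD):
            print(confinement(sample))
```

Seccomp is only one enforcement layer; mount, network and user namespaces or an LSM profile do not appear in these fields and have to be checked separately.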