I’m feeling a bit nostalgic and wanted to play some of the old COD games, and noticed that remote code execution exploits such as CVE-2018-20817 exist and seem to be unpatched. So I was wondering if this exploit affects or can be mitigated when running through Proton?
As I assume most of these exploits are intended for Windows systems, I’d assume it would be fairly harmless if I could disable mounting the default root filesystem and external drive mounts to the prefix. Digging through winetricks/protontricks I haven’t managed to find such an option though.
Wine/Proton isn’t designed to be a sandbox. A motivated enough attacker could make an exploit that checks if it’s running in wine and do some wine specific stuff.
Even if you do manage to sandbox it from your root filesystem, it still needs access to your Steam account, which an attacker could compromise.
I’m aware it isn’t designed to be a sandbox, I’m just betting that the typical exploiter wouldn’t target wine past writing stuff into mounted filesystems. So at most they’d wreck the proton prefix and perhaps spawn a few processes within it.
Your root disk is usually mounted at Z: so any ransomware could just encrypt that