Fix some security issues

[RobQuistNL]

I don't think you'll like this kind of stuff on your server my friend;

[ikreymer]

Yes, this has been pointed out.. I am working on figuring out ways to restrict access outside the browsers, if possible..

This is however, the Docker container, not the host machine.. The container is built as part of this repo so there are no 'real' passwords here.. You can see the 'browser' user being created in the as part of the Dockerfile.

[RobQuistNL]

I understand, but still someone has control over a remote machine, be it a VM or not.. Still not something you'd like - it might be able to break out of the docker container, as it has a network connection (maybe even shared folders) to its host.

Thanks for the quick reply :)

[ikreymer]

Sure, np, these are tricky issues, and definitely something I want to address, now that this project has gotten quite a lot of traffic. Let me know if you have any specific suggestions, with wine specifically:
Am looking over: http://wiki.winehq.org/SecuringWine

[RobQuistNL]

I'll check it out ASAP - looks like a neat project. And yeah, you 're all over tech websites and some trending stuff.. I think you're about to go viral in 2 days

[ikreymer]

I think it already has, I can't imagine any more than this! :)

[ikreymer]

Well, removing z:/ was causing issues, so undoing.. Browsing root not as significant and can be done from other browsers anyway.. Will look at other security improvements for Wine though

[RobQuistNL]

I have some ideas:

• run the wine app without running explorer
• Enable some kind of kiosk mode (if its in there)
• Put the browser in full screen and disable the button to move it out of fullscreen
• Run the wine app as a specific user that only has rights on the explorer executable (so you can't browse into / )
• Scale down the VLC to only show the address bar and the page content - so you don't see / can use the window handles