[Bug 22006] New: OpenProcess does not enforce ACL
http://bugs.winehq.org/show_bug.cgi?id=22006

Summary: OpenProcess does not enforce ACL
Product: Wine
Version: unspecified
Platform: x86
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: kernel32
AssignedTo: wine-bugs(a)winehq.org
ReportedBy: shalomgo(a)gmail.com

Created an attachment (id=26746)
 --> (http://bugs.winehq.org/attachment.cgi?id=26746)
Test case

OpenProcess (and probably other functions) does not properly enforce process ACLs, allowing unprivileged processes to read and write memory of privileged ones.

--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

http://bugs.winehq.org/show_bug.cgi?id=22006

--- Comment #1 from Shalom Gold <shalomgo(a)gmail.com> 2010-03-11 07:40:22 ---
Test case output on Windows XP:
OpenProccess succeeded.
OpenProccess failed.

Test case output on Wine (Linux):
OpenProccess succeeded.
OpenProccess succeeded.
...
(Until all the processes are killed. Basically a fork bomb.)

http://bugs.winehq.org/show_bug.cgi?id=22006

Vitaliy Margolen <vitaliy(a)kievinfo.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status |UNCONFIRMED |NEW
Version |unspecified |1.1.40
Ever Confirmed |0 |1

--- Comment #2 from Vitaliy Margolen <vitaliy(a)kievinfo.com> 2010-03-11 09:04:12 ---
Confirming.

http://bugs.winehq.org/show_bug.cgi?id=22006

Austin English <austinenglish(a)gmail.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Keywords | |download, testcase

http://bugs.winehq.org/show_bug.cgi?id=22006

tgrim <thomgrimes(a)gmail.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC | |thomgrimes(a)gmail.com

--- Comment #3 from tgrim <thomgrimes(a)gmail.com> 2011-05-26 04:22:48 CDT ---
It's been a year. Is this any closer to getting fixed?

http://bugs.winehq.org/show_bug.cgi?id=22006

Nikolay Sivov <bunglehead(a)gmail.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Attachment #26746 mime type |text/x-csrc |text/plain

http://bugs.winehq.org/show_bug.cgi?id=22006

--- Comment #4 from Nikolay Sivov <bunglehead(a)gmail.com> 2011-08-09 13:59:15 CDT ---
Are there any real-life applications that depend on that?

http://bugs.winehq.org/show_bug.cgi?id=22006

Jimmy Christensen <jichr86(a)dusted.dk> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC | |jichr86(a)dusted.dk

--- Comment #5 from Jimmy Christensen <jichr86(a)dusted.dk> 2012-08-16 03:49:42 CDT ---
(In reply to comment #4)
> Are there any real-life applications that depend on that?

Yes, Continuum does. The current fix is for OpenProcess to return NULL on all calls where the access parameter has the PROCESS_VM_WRITE bit set. I have personally not had any trouble with other Windows programs because of this fix but have not investigated in depth.

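Added example, not part of the bug thread and not Wine or wine-staging code: a simplified C model of the ordered DACL evaluation that a caller's requested access mask goes through, next to the blanket PROCESS_VM_WRITE refusal described in comment #5. The identities and the sample DACL are constructed placeholders, and the model ignores groups, privileges and owner rights.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PROCESS_VM_READ  0x0010u   /* Windows process access rights */
#define PROCESS_VM_WRITE 0x0020u

enum ace_type { ACE_ALLOW, ACE_DENY };
struct ace  { enum ace_type type; const char *sid; uint32_t mask; };
struct dacl { const struct ace *aces; size_t count; };

/* Constructed placeholder identities, not real SIDs. */
static const char OWNER[] = "sid-owner", OTHER[] = "sid-other";
static const struct ace sample_aces[] = {
    { ACE_ALLOW, OWNER, PROCESS_VM_READ | PROCESS_VM_WRITE },
    { ACE_ALLOW, OTHER, PROCESS_VM_READ },
};
static const struct dacl sample_dacl = { sample_aces, 2 };

/* Walk the ACEs in order: a matching deny ACE that covers a still-missing
 * bit fails the request, a matching allow ACE grants its bits. Returns 1
 * only if every requested bit was granted. A NULL dacl grants everything. */
int access_check(const struct dacl *dacl, const char *caller, uint32_t desired)
{
    uint32_t missing = desired;
    if (!dacl) return 1;
    for (size_t i = 0; i < dacl->count && missing; i++) {
        const struct ace *a = &dacl->aces[i];
        if (strcmp(a->sid, caller) != 0) continue;
        if (a->type == ACE_DENY && (a->mask & missing)) return 0;
        if (a->type == ACE_ALLOW) missing &= ~a->mask;
    }
    return missing == 0;
}

/* Blanket rule from comment #5: refuse any request with PROCESS_VM_WRITE. */
int workaround_check(uint32_t desired) { return (desired & PROCESS_VM_WRITE) == 0; }

int main(void)
{
    printf("other, write, DACL check: %d\n", access_check(&sample_dacl, OTHER, PROCESS_VM_WRITE));
    printf("owner, write, DACL check: %d\n", access_check(&sample_dacl, OWNER, PROCESS_VM_WRITE));
    printf("owner, write, workaround: %d\n", workaround_check(PROCESS_VM_WRITE));
    return 0;
}
```

With the sample DACL, the blanket rule also refuses the owner's write request, which the per-ACE check grants.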
http://bugs.winehq.org/show_bug.cgi?id=22006

joris(a)jorisvanderwel.com changed:

What |Removed |Added
----------------------------------------------------------------------------
CC | |joris(a)jorisvanderwel.com

http://bugs.winehq.org/show_bug.cgi?id=22006

Sebastian Lackner <sebastian(a)fds-team.de> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC | |sebastian(a)fds-team.de

http://bugs.winehq.org/show_bug.cgi?id=22006

Qian Hong <fracting(a)gmail.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC | |fracting(a)gmail.com

https://bugs.winehq.org/show_bug.cgi?id=22006

Béla Gyebrószki <gyebro69(a)gmail.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Keywords | |patch
URL | |http://www.getcontinuum.com/downloads/continuum/Continuum040Setup.exe
CC | |gyebro69(a)gmail.com
Summary |OpenProcess does not enforce ACL |OpenProcess does not enforce ACL (Continuum fails to start)

--- Comment #6 from Béla Gyebrószki <gyebro69(a)gmail.com> ---
Still present in wine-1.7.43-166-g39d71c5

Tested with the game 'Continuum':
http://www.getcontinuum.com/downloads/continuum/Continuum040Setup.exe
The game hangs on start.

The patchset from wine-staging fixes the issue:
https://github.com/wine-compholio/wine-staging/tree/master/patches/server-Cr...

Continuum040Setup.exe
sha1: c98e42a92b1f2c3233bf89d597cb22b0162b2668

https://bugs.winehq.org/show_bug.cgi?id=22006

Anastasius Focht <focht(a)gmx.net> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC | |voltagex(a)voltagex.org

--- Comment #7 from Anastasius Focht <focht(a)gmx.net> ---
*** Bug 38753 has been marked as a duplicate of this bug. ***

https://bugs.winehq.org/show_bug.cgi?id=22006

Anastasius Focht <focht(a)gmx.net> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC | |focht(a)gmx.net
Summary |OpenProcess does not enforce ACL (Continuum fails to start) |Multiple applications require support for thread and process security descriptors (Continuum, Acrobat Reader DC 2015)

--- Comment #8 from Anastasius Focht <focht(a)gmx.net> ---
Hello folks,

refining summary to collect more dupes here.

Obviously still present.

Also needed by Acrobat Reader DC 2015.007.20033 after working around bug 38753 -> disable Adobe protected mode.

--- snip ---
$ wine reg add "HKCU\\SOFTWARE\\Adobe\\Acrobat Reader\\DC\\Privileged" /v bProtectedMode /t REG_DWORD /d 0 /f
--- snip ---

$ sha1sum AcroRdrDC1500720033_en_US.exe
1e4726d73e7cf583975bdd5e2656399ffc7513ed  AcroRdrDC1500720033_en_US.exe

$ du -sh AcroRdrDC1500720033_en_US.exe
48M AcroRdrDC1500720033_en_US.exe

$ wine --version
wine-1.7.46-118-g7a3c988

Regards

https://bugs.winehq.org/show_bug.cgi?id=22006

--- Comment #9 from Joris <joris(a)jorisvanderwel.com> ---
I made a patch for this a while back, look here:
https://github.com/wine-compholio/wine-staging/tree/master/patches/server-Cr...

Feel free to update and submit them
(fyi I am not going to)

https://bugs.winehq.org/show_bug.cgi?id=22006

Michael Müller <michael(a)fds-team.de> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status |NEW |STAGED
CC | |michael(a)fds-team.de
Staged patchset | |https://github.com/wine-compholio/wine-staging/tree/master/patches/server-CreateProcess_ACLs

https://bugs.winehq.org/show_bug.cgi?id=22006

Roger Cruz <spark.crz(a)gmail.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC | |spark.crz(a)gmail.com

--- Comment #10 from Roger Cruz <spark.crz(a)gmail.com> ---
(In reply to Joris from comment #9)
> I made a patch for this a while back, look here:
> https://github.com/wine-compholio/wine-staging/tree/master/patches/server-CreateProcess_ACLs
>
> Feel free to update and submit them
> (fyi I am not going to)

This could fix a lot of games that depend on anti-cheat engines...

https://bugs.winehq.org/show_bug.cgi?id=22006

André H. <nerv(a)dawncrow.de> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC | |nerv(a)dawncrow.de
Staged patchset |https://github.com/wine-compholio/wine-staging/tree/master/patches/server-CreateProcess_ACLs |https://github.com/wine-staging/wine-staging/tree/master/patches/server-CreateProcess_ACLs

https://bugs.winehq.org/show_bug.cgi?id=22006

Maik Wagner <maiktapwagner(a)aol.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC | |maiktapwagner(a)aol.com

--- Comment #11 from Maik Wagner <maiktapwagner(a)aol.com> ---
I am willing to test this out but I am not sure on how to proceed:

If I install the wine-staging package from openSUSE - Would this patch be in the corresponding package? I also have Acrobat Reader DC installed. What would I have to be on the lookout for?

https://bugs.winehq.org/show_bug.cgi?id=22006

Anastasius Focht <focht(a)gmx.net> changed:

What |Removed |Added
----------------------------------------------------------------------------
Resolution |--- |FIXED
URL |http://www.getcontinuum.com/downloads/continuum/Continuum040Setup.exe |https://web.archive.org/web/20150729083610/http://subspace-continuum.com/trackdownload.php?type=win
Status |STAGED |RESOLVED
Fixed by SHA1 | |ac7ae92af1f53db3a240e266e1ba73466c8327a5
Summary |Multiple applications require support for thread and process security descriptors (Continuum, Acrobat Reader DC 2015) |Multiple applications require support for thread and process security descriptors (Continuum 0.40, Acrobat Reader DC 2015)

--- Comment #12 from Anastasius Focht <focht(a)gmx.net> ---
Hello folks,

this has been fixed a long time ago by commits:

* https://source.winehq.org/git/wine.git/commitdiff/ac7ae92af1f53db3a240e266e1... ("server: Allow specifying the security descriptor for a new process.")
* https://source.winehq.org/git/wine.git/commitdiff/4a328e08aca20a46ecbee634ff... ("server: Allow specifying the security descriptor for a new thread.")

Part of Wine 3.17 release

It's unfortunate that the removal of Wine-Staging patchset https://github.com/wine-staging/wine-staging/tree/v3.16/patches/server-Creat... patchset was hidden behind a rebase commit https://github.com/wine-staging/wine-staging/commit/3f082c2d0ad0ad46037daac2... which did more things than just that.

Whenever a patchset is dropped from Wine-Staging, the description file shall be checked for any WineHQ Bugzilla bug references to update the ticket.

I've tested Continuum 0.40 (also mentioned in bug 21702). The game worked with Wine 3.17 but not in Wine 3.16.

Stable link via Internet Archive:
https://web.archive.org/web/20150729083610/http://subspace-continuum.com/tra...

Regards

https://bugs.winehq.org/show_bug.cgi?id=22006

Zebediah Figura <z.figura12(a)gmail.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC | |z.figura12(a)gmail.com

--- Comment #13 from Zebediah Figura <z.figura12(a)gmail.com> ---
(In reply to Anastasius Focht from comment #12)
> It's unfortunate that the removal of Wine-Staging patchset
> https://github.com/wine-staging/wine-staging/tree/v3.16/patches/server-CreateProcess_ACLs
> patchset was hidden behind a rebase commit
> https://github.com/wine-staging/wine-staging/commit/3f082c2d0ad0ad46037daac23d785ca159c0dbab
> which did more things than just that.

Without trying to sound defensive, I'm not sure I follow; I see that as part of the process of rebasing, which means essentially "make all of the Staging patch sets apply against the latest upstream commit". That is, the server-CreateProcess_ACLs patch set applied against 93994dfc0, and did not apply against 3f082c2d0, and was removed because it was no longer necessary. Splitting up the parts of a rebase would be pointless (the intermediate versions would not apply against anything, at all) and take extra time.

> Whenever a patchset is dropped from Wine-Staging, the description file shall
> be checked for any WineHQ Bugzilla bug references to update the ticket.

I tend to assume that a commit author will take action to resolve (or ask for a retest on, etc.) the bug they fix. In future I'll try to be more diligent, if this is unreliable.

https://bugs.winehq.org/show_bug.cgi?id=22006

Alexandre Julliard <julliard(a)winehq.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status |RESOLVED |CLOSED

--- Comment #14 from Alexandre Julliard <julliard(a)winehq.org> ---
Closing bugs fixed in 5.1.