[Bug 39013] New: Cannot change the location of the folder put in /tmp/.wine-uid
https://bugs.winehq.org/show_bug.cgi?id=39013

            Bug ID: 39013
           Summary: Cannot change the location of the folder put in /tmp/.wine-uid
           Product: Wine
           Version: unspecified
          Hardware: x86
                OS: Linux
            Status: UNCONFIRMED
          Severity: enhancement
          Priority: P2
         Component: -unknown
          Assignee: wine-bugs(a)winehq.org
          Reporter: sstewartgallus00(a)mylangara.bc.ca
      Distribution: ---

I want to set /tmp on my machine to be only readable and writeable by root and I cannot use Wine with that configuration unless I can change that folder. Also, only allowing the static folder in /tmp opens up a denial-of-service attack against other users. A user can be a jerk and create /tmp/.wine-uid directories to block other users.

-- 
Do not reply to this email, post in Bugzilla using the above URL to reply.
You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=39013

Austin English <austinenglish(a)gmail.com> changed:

           What    |Removed     |Added
----------------------------------------------------------------------------
       Keywords|            |download, source
         Status|UNCONFIRMED |NEW
             CC|            |austinenglish(a)gmail.com
        Version|unspecified |1.7.48
 Ever confirmed|0           |1

--- Comment #1 from Austin English <austinenglish(a)gmail.com> ---
See also bug 14838.
https://bugs.winehq.org/show_bug.cgi?id=39013

Ken Sharp <imwellcushtymelike(a)gmail.com> changed:

           What    |Removed     |Added
----------------------------------------------------------------------------
       See Also|            |https://bugs.winehq.org/show_bug.cgi?id=14838
https://bugs.winehq.org/show_bug.cgi?id=39013

--- Comment #2 from Ken Sharp <imwellcushtymelike(a)gmail.com> ---
(In reply to Steven Stewart-Gallus from comment #0)
> A user can be a jerk and create /tmp/.wine-uid directories to block other users.

Some randomisation would be helpful there, with wineserver knowing what temporary directory is in use, and cleaning up after itself. Certainly, on a system with multiple users all using Wine, the /tmp is left littered with .wine-* directories.
https://bugs.winehq.org/show_bug.cgi?id=39013

NP-Hardass <np.hardass(a)gmail.com> changed:

           What    |Removed     |Added
----------------------------------------------------------------------------
             CC|            |np.hardass(a)gmail.com

--- Comment #3 from NP-Hardass <np.hardass(a)gmail.com> ---
(In reply to Steven Stewart-Gallus from comment #0)
> I want to set /tmp on my machine to be only readable and writeable by root and I cannot use Wine with that configuration unless I can change that folder. Also, only allowing the static folder in /tmp opens up a denial-of-service attack against other users. A user can be a jerk and create /tmp/.wine-uid directories to block other users.

Bump. Downstream distros are starting to mark this as a security bug:
https://bugs.gentoo.org/show_bug.cgi?id=576134
https://bugzilla.redhat.com/show_bug.cgi?id=1312958
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816034
https://bugs.winehq.org/show_bug.cgi?id=39013

Sebastian Lackner <sebastian(a)fds-team.de> changed:

           What    |Removed     |Added
----------------------------------------------------------------------------
             CC|            |sebastian(a)fds-team.de
https://bugs.winehq.org/show_bug.cgi?id=39013

--- Comment #4 from Alexandre Julliard <julliard(a)winehq.org> ---
Created attachment 53781
  --> https://bugs.winehq.org/attachment.cgi?id=53781
Support XDG_RUNTIME_DIR

How about something like this?
https://bugs.winehq.org/show_bug.cgi?id=39013

--- Comment #5 from Sebastian Lackner <sebastian(a)fds-team.de> ---
(In reply to Alexandre Julliard from comment #4)
> Created attachment 53781 [details]
> Support XDG_RUNTIME_DIR
> 
> How about something like this?

Wasn't the idea that this code should not depend on any environment variables?
https://bugs.winehq.org/show_bug.cgi?id=39013

--- Comment #6 from Alexandre Julliard <julliard(a)winehq.org> ---
(In reply to Sebastian Lackner from comment #5)
> (In reply to Alexandre Julliard from comment #4)
> > Created attachment 53781 [details]
> > Support XDG_RUNTIME_DIR
> > 
> > How about something like this?
> 
> Wasn't the idea that this code should not depend on any environment variables?

Yes, but XDG_RUNTIME_DIR is in theory supposed to be constant across a user session. Of course the user can still mess with it, but that would probably break other things too.

Do you have other suggestions?
https://bugs.winehq.org/show_bug.cgi?id=39013

--- Comment #7 from Sebastian Lackner <sebastian(a)fds-team.de> ---
(In reply to Alexandre Julliard from comment #6)
> Yes, but XDG_RUNTIME_DIR is in theory supposed to be constant across a user session. Of course the user can still mess with it, but that would probably break other things too.
> 
> Do you have other suggestions?

Couldn't we use the code path for Android on all platforms, or does this have other disadvantages? This would also ensure that people can only access the wineserver sockets when they have access to the wine prefix itself.

Using an environment variable is probably also fine, but it would be nice to have some precautions against wine prefix corruption, for example a file lock on the registry or similar. I could imagine that XDG_RUNTIME_DIR is not set when people execute wine directly from a cronjob, for example.
https://bugs.winehq.org/show_bug.cgi?id=39013

--- Comment #8 from Alexandre Julliard <julliard(a)winehq.org> ---
(In reply to Sebastian Lackner from comment #7)
> Couldn't we use the code path for Android on all platforms, or does this have other disadvantages? This would also ensure that people can only access the wineserver sockets when they have access to the wine prefix itself.

We can't use the prefix directory, because it can be on a network file system, and/or not support locking or sockets.
https://bugs.winehq.org/show_bug.cgi?id=39013

--- Comment #9 from NP-Hardass <np.hardass(a)gmail.com> ---
Just to be clear, the aspect that is being considered a security issue is the use of /tmp/.wine-uid and the lack of security checks on it, which is part of what this bug report is about.
https://bugs.winehq.org/show_bug.cgi?id=39013

Sebastian Lackner <sebastian(a)fds-team.de> changed:

           What    |Removed     |Added
----------------------------------------------------------------------------
             CC|            |jre.winesim(a)gmail.com

--- Comment #10 from Sebastian Lackner <sebastian(a)fds-team.de> ---
*** Bug 40274 has been marked as a duplicate of this bug. ***
https://bugs.winehq.org/show_bug.cgi?id=39013

Sebastian Lackner <sebastian(a)fds-team.de> changed:

           What    |Removed     |Added
----------------------------------------------------------------------------
       See Also|            |http://bugs.debian.org/816034
https://bugs.winehq.org/show_bug.cgi?id=39013

--- Comment #11 from Austin English <austinenglish(a)gmail.com> ---
(In reply to Alexandre Julliard from comment #6)
> (In reply to Sebastian Lackner from comment #5)
> > (In reply to Alexandre Julliard from comment #4)
> > > Created attachment 53781 [details]
> > > Support XDG_RUNTIME_DIR
> > > 
> > > How about something like this?
> > 
> > Wasn't the idea that this code should not depend on any environment variables?
> 
> Yes, but XDG_RUNTIME_DIR is in theory supposed to be constant across a user session. Of course the user can still mess with it, but that would probably break other things too.
> 
> Do you have other suggestions?

mkdtemp?
https://bugs.winehq.org/show_bug.cgi?id=39013

Michel Terrisse <mterrisse(a)free.fr> changed:

           What    |Removed     |Added
----------------------------------------------------------------------------
             CC|            |mterrisse(a)free.fr

--- Comment #12 from Michel Terrisse <mterrisse(a)free.fr> ---
Note that XDG_RUNTIME_DIR is not defined on macOS (tested on macOS 10.15 Catalina).

Regards,
Michel Terrisse
http://bugs.winehq.org/show_bug.cgi?id=39013

Konstantin Demin <rockdrilla(a)gmail.com> changed:

           What    |Removed     |Added
----------------------------------------------------------------------------
             CC|            |rockdrilla(a)gmail.com

--- Comment #13 from Konstantin Demin <rockdrilla(a)gmail.com> ---
See MR: https://gitlab.winehq.org/wine/wine/-/merge_requests/3381

Try the following locations for the wineserver directory:
- `${XDG_RUNTIME_DIR}/wine`
- `/run/user/${uid}/wine`
- `${TMPDIR}/wine` - only if `${TMPDIR}` is owned by user
- `${TMPDIR}/.wine-${uid}`
- `/tmp/.wine-${uid}` - current/default behavior