http://bugs.winehq.org/show_bug.cgi?id=31114 Bug #: 31114 Summary: Wine is too insecure. Product: Wine Version: unspecified Platform: x86 OS/Version: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: -unknown AssignedTo: wine-bugs(a)winehq.org ReportedBy: franchukrom(a)gmail.com Classification: Unclassified Program under wine can call Linux syscalls. The quick way to get the proof: compile this code: http://pastebin.com/NNxPcYxx with Windows version of nasm and run it under wine. It works. The program illustrates syscalls "write" (to print the message to a terminal) and "exit". But users of wine usually believe that their filesystems can't be damaged if they configure wine's drives not to point on files outside .wine. It is wrong: if malware developer is aware of wine, he can use Linux syscalls to have a full access to the whole computer with rights of user that ran wine. I think, wine should use chroot in order to avoid this problem. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.