wine-bugs

wine-bugs@winehq.org

1 participants
159107 discussions

[Bug 2715] Insecure file creation of "regxxxxxxx.tmp" in /tmp
by Wine Bugs 14 Feb '05

14 Feb '05

http://bugs.winehq.org/show_bug.cgi?id=2715 ------- Additional Comments From badpenguin79(a)hotmail.com 2005-14-02 07:47 ------- Created an attachment (id=765) --> (http://bugs.winehq.org/attachment.cgi?id=765&action=view) Possible patch for misc/registry.c donwload the patch file in your wine sources directory and launch: patch -p1 < wine-registry.patch -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

1 0

[Bug 2715] Insecure file creation of "regxxxxxxx.tmp" in /tmp
by Wine Bugs 14 Feb '05

14 Feb '05

http://bugs.winehq.org/show_bug.cgi?id=2715 badpenguin79(a)hotmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- Component|wine-files |wine-misc -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

1 0

[Bug 2715] Insecure file creation of "regxxxxxxx.tmp" in /tmp
by Wine Bugs 14 Feb '05

14 Feb '05

http://bugs.winehq.org/show_bug.cgi?id=2715 ------- Additional Comments From badpenguin79(a)hotmail.com 2005-14-02 05:54 ------- Note: Also, 20050211 release is affected . The problem is in the function _get_tmp_fn(FILE **) ( in $WineRelease/misc/registry.c) --------------------------------------------------------- static LPSTR _get_tmp_fn(FILE **f) { LPSTR ret; int tmp_fd,count; ret = _xmalloc(50); for (count = 0;;) { sprintf(ret,"/tmp/reg%lx%04x.tmp",(long)getpid(),count++); --> if ((tmp_fd = open(ret,O_CREAT | O_EXCL | O_WRONLY,0666)) != -1) break; if (errno != EEXIST) { ERR("Unexpected error while open() call: %s\n",strerror(errno)); free(ret); *f = NULL; return NULL; } } --------------------------------------------------- When regxxxxxx.tmp is created by open() 0666 mode is used. Since that default umask = 022 : (0666) &~ (022) = 0644 = -rw-r--r-- Solution: Use .. open(ret,O_CREAT | O_EXCL | O_WRONLY,0600)).. Best Regard, Giovanni Delvecchio -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

1 0

[Bug 2698] Text alignment bug in editbox
by Wine Bugs 14 Feb '05

14 Feb '05

http://bugs.winehq.org/show_bug.cgi?id=2698 gabriele.giorgetti(a)teamfab.it changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution| |FIXED ------- Additional Comments From gabriele.giorgetti(a)teamfab.it 2005-14-02 02:56 ------- This patch fixes the problem. It is a working implementation of text alignment in edit fields. Regards! -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

1 0

[Bug 2709] AppDB maintainer permissions
by Wine Bugs 14 Feb '05

14 Feb '05

http://bugs.winehq.org/show_bug.cgi?id=2709 grahame(a)regress.homelinux.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |FIXED ------- Additional Comments From grahame(a)regress.homelinux.org 2005-13-02 18:51 ------- OK, seems to be fixed now -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

1 0

[Bug 2717] New: bitmaps displayed incorrectly
by Wine Bugs 13 Feb '05

13 Feb '05

http://bugs.winehq.org/show_bug.cgi?id=2717 Summary: bitmaps displayed incorrectly Product: Wine Version: 20050111 Platform: PC OS/Version: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: wine-binary AssignedTo: wine-bugs(a)winehq.org ReportedBy: weert(a)germanynet.de Starting DVDLabPro the screen is immersed in messages like the following: err:x11drv:X11DRV_CreateBitmap Trying to make bitmap with planes=1, bpp=32 The bpp-value varies from 4 to 32, the buttons in the application work. In the previously installed version (20040213) of wine this behaviour was not seen. HW-Details: PIII 1000MHz, VGA compatible controller: nVidia Corporation NV34 [GeForce FX 5200 512 MB Mem TIA! -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

1 0

[Bug 2716] New: When running install.exe: Unhandled exception: page fault.....
by Wine Bugs 13 Feb '05

13 Feb '05

http://bugs.winehq.org/show_bug.cgi?id=2716 Summary: When running install.exe: Unhandled exception: page fault..... Product: Wine Version: 20050111 Platform: PC OS/Version: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: wine-binary AssignedTo: wine-bugs(a)winehq.org ReportedBy: nyyr(a)seznam.cz Hello, when I try to run install.exe (packed in http://www.csob.cz/data/eb/hb24/CSOBHB24.exe), WINE immediately shows error dialog (before any app-window created), that an error occured (see log): ============================================================================= wine: Unhandled exception (thread 0009), starting debugger... WineDbg starting on pid 0x8 Unhandled exception: page fault on read access to 0x00000000 in 32-bit code (0x004048fb). In 32 bit mode. Register dump: CS:0073 SS:007b DS:007b ES:007b FS:003b GS:0033 EIP:004048fb ESP:4069fc58 EBP:410e0d28 EFLAGS:00210286( - 00 -RISP1) EAX:00000000 EBX:4089b810 ECX:ffffffff EDX:0000000b ESI:410e0d4c EDI:00000000 Stack dump: 0x4069fc58: ffffffff 0042da98 00000000 ffffffff 0x4069fc68: 00000010 410e0d28 410e0d28 00000104 0x4069fc78: 411f1a8c 0040b4b4 00000002 81ff0000 0x4069fc88: 00000001 00000000 00000002 00009000 0x4069fc98: 3df8750e 3df8750e 3df8750e 25534f25 0x4069fca8: 00000000 0040454f 0042da98 0042da98 Backtrace: =>1 0x004048fb in install (+0x48fb) (0x410e0d28) 2 0x411f1aac (0x00423350) 3 0x00404b00 in install (+0x4b00) (0x00404ad0) 4 0x0a8c818b (0x0424548b) 5 0x00000000 (0x00000000) 0x004048fb: repne scasb %es:(%edi) Modules: Module Address Debug info Name (54 modules) PE 0x00400000-00436000 Export install ELF 0x40000000-40015000 Deferred ld-linux.so.2 ELF 0x40022000-4003b000 Deferred libwine.so.1 ELF 0x4003b000-4004c000 Deferred libpthread.so.0 ELF 0x4004c000-4016b000 Deferred libc.so.6 ELF 0x4016b000-4016e000 Deferred libdl.so.2 ELF 0x4016f000-401ed000 Deferred ntdll<elf> \-PE 0x40190000-401ed000 \ ntdll ELF 0x401f9000-402ee000 Deferred libwine_unicode.so.1 ELF 0x402ee000-40311000 Deferred libm.so.6 ELF 0x4031d000-40327000 Deferred libnss_files.so.2 ELF 0x40440000-40563000 Deferred kernel32<elf> \-PE 0x40470000-40563000 \ kernel32 ELF 0x406a0000-407e0000 Deferred user32<elf> \-PE 0x406c0000-407e0000 \ user32 ELF 0x407e0000-40872000 Deferred gdi32<elf> \-PE 0x40800000-40872000 \ gdi32 ELF 0x40872000-408b3000 Deferred advapi32<elf> \-PE 0x40880000-408b3000 \ advapi32 ELF 0x408b3000-40946000 Deferred comdlg32<elf> \-PE 0x408c0000-40946000 \ comdlg32 ELF 0x40946000-40a0b000 Deferred shell32<elf> \-PE 0x40960000-40a0b000 \ shell32 ELF 0x40a0b000-40a6c000 Deferred shlwapi<elf> \-PE 0x40a20000-40a6c000 \ shlwapi ELF 0x40a6c000-40af5000 Deferred ole32<elf> \-PE 0x40a80000-40af5000 \ ole32 ELF 0x40af5000-40b40000 Deferred rpcrt4<elf> \-PE 0x40b10000-40b40000 \ rpcrt4 ELF 0x40b40000-40b60000 Deferred iphlpapi<elf> \-PE 0x40b50000-40b60000 \ iphlpapi ELF 0x40b60000-40c2b000 Deferred comctl32<elf> \-PE 0x40b70000-40c2b000 \ comctl32 ELF 0x40c2b000-40c53000 Deferred winspool.drv<elf> \-PE 0x40c30000-40c53000 \ winspool.drv ELF 0x40c5f000-40ccb000 Deferred libfreetype.so.6 ELF 0x40ccb000-40cdc000 Deferred libz.so.1 ELF 0x40cdc000-40d07000 Deferred libfontconfig.so.1 ELF 0x40d07000-40d27000 Deferred libexpat.so.0 ELF 0x40d27000-40db5000 Deferred x11drv<elf> \-PE 0x40d40000-40db5000 \ x11drv ELF 0x40db5000-40db8000 Deferred xlcdef.so.2 ELF 0x40dc1000-40dca000 Deferred libsm.so.6 ELF 0x40dca000-40de2000 Deferred libice.so.6 ELF 0x40de2000-40df0000 Deferred libxext.so.6 ELF 0x40df0000-40ebb000 Deferred libx11.so.6 ELF 0x40ebb000-40f60000 Deferred libgl.so.1 ELF 0x40f60000-40f69000 Deferred libxcursor.so.1 ELF 0x40f69000-40f71000 Deferred libxrender.so.1 ELF 0x40f89000-40fa7000 Deferred ximcp.so.2 ELF 0x40fa8000-40fab000 Deferred iso8859-2.so ELF 0x40fab000-40fca000 Deferred imm32<elf> \-PE 0x40fb0000-40fca000 \ imm32 ELF 0x77f00000-77f03000 Deferred <wine-loader> Threads: process tid prio (all id:s are in hex) 00000008 (D) C:\Temp\install.exe 00000009 0 <== WineDbg terminated on pid 0x8 ========================================================================== I'm using binary RPM (build 20050211 for Mandrake - see link on winehq.org) and Mandrake 2.6.8.1-24mdk and sample config file from source tar (20050211). The application works allmost fine when installed on Windows and then copied to wine dir.... But i'd like not to have to use Windows for install :-) If you need some files (config, *.reg), let me know.... Nyyr -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

1 0

[Bug 2596] segmentation fault with Microsoft Flight Simulator 98
by Wine Bugs 12 Feb '05

12 Feb '05

http://bugs.winehq.org/show_bug.cgi?id=2596 ------- Additional Comments From jerome.bouat(a)wanadoo.fr 2005-12-02 15:33 ------- [j@localhost tmp]$ wine --version Wine 20050211 [j@localhost tmp]$ Here is the log of the launch: --- [j@localhost tmp]$ wine /home/j/.wine/drive_c/Program\ Files/Microsoft\ Games/Flight\ Simulator/FLTSIM98.EXE Loading required GL library /usr/X11R6/lib/libGL.so.1.2 fixme:ddraw:Main_DirectDraw_SetCooperativeLevel (0x4038aac8)->(00010024,00000008) fixme:mmtime:timeBeginPeriod Stub; we set our timer resolution at minimum fixme:dsound:IDirectSoundImpl_SetCooperativeLevel level=DSSCL_PRIORITY not fully supported fixme:ddraw:Main_DirectDrawClipper_Initialize (0x4038d258)->(0x4038aad4,0x00000000),stub! fixme:ddraw:Main_DirectDrawClipper_Initialize (0x403874b0)->(0x4038aad4,0x00000000),stub! fixme:ddraw:Main_DirectDrawClipper_Initialize (0x403d70e0)->(0x4038aad4,0x00000000),stub! fixme:bitblt:X11DRV_BitBlt potential optimization - client-side DIB copy fixme:imm:ImmGetContext (0x10074): stub fixme:imm:ImmSetOpenStatus Semi-Stub fixme:imm:ImmReleaseContext (0x10074, 0x4037bbb0): stub fixme:imm:ImmGetContext (0x1007a): stub fixme:imm:ImmSetOpenStatus Semi-Stub fixme:imm:ImmReleaseContext (0x1007a, 0x4037bbb0): stub fixme:bitblt:X11DRV_BitBlt potential optimization - client-side DIB copy fixme:imm:ImmGetContext (0x10074): stub fixme:imm:ImmNotifyIME (0x4037bbb0, 21, 4, 0): stub fixme:imm:ImmReleaseContext (0x10074, 0x4037bbb0): stub fixme:imm:ImmGetDefaultIMEWnd (0x10074 - (nil) 0x4037bbb0 ): semi-stub fixme:imm:ImmGetDefaultIMEWnd (0x10074 - 0x10088 0x4037bbb0 ): semi-stub fixme:imm:ImmGetDefaultIMEWnd (0x10074 - 0x10088 0x4037bbb0 ): semi-stub fixme:imm:ImmGetDefaultIMEWnd (0x10074 - 0x10088 0x4037bbb0 ): semi-stub err:local:LOCAL_ReAlloc Needed to move fixed block, but LMEM_MOVEABLE not specified. fixme:ddraw:Main_DirectDrawClipper_Initialize (0x404009a0)->(0x4038aad4,0x00000000),stub! fixme:mmtime:timeBeginPeriod Stub; we set our timer resolution at minimum Segmentation fault [j@localhost tmp]$ --- Here the install log: --- [j@localhost tmp]$ wine /mnt/cdrom/Install.exe Converted windows dir to new entry HKCU\Environment "windir" = L"c:\\windows" Loading required GL library /usr/X11R6/lib/libGL.so.1.2 fixme:shell:Stream_WriteLocationInfo writing empty location info Loading required GL library /usr/X11R6/lib/libGL.so.1.2 err:menubuilder:fork_and_wait wineshelllink returned 1 err:menubuilder:InvokeShellLinker failed to fork and exec wineshelllink fixme:shell:Stream_WriteLocationInfo writing empty location info Loading required GL library /usr/X11R6/lib/libGL.so.1.2 err:menubuilder:fork_and_wait wineshelllink returned 1 err:menubuilder:InvokeShellLinker failed to fork and exec wineshelllink Loading required GL library /usr/X11R6/lib/libGL.so.1.2 fixme:winhelp:WinMain Unsupported cmd line: fs98.hlp [j@localhost tmp]$ -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

1 0

[Bug 2715] Insecure file creation of "regxxxxxxx.tmp" in /tmp
by Wine Bugs 12 Feb '05

12 Feb '05

http://bugs.winehq.org/show_bug.cgi?id=2715 badpenguin79(a)hotmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|major |critical Priority|P2 |P1 -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

1 0

[Bug 2715] New: Insecure file creation of "regxxxxxxx.tmp" in /tmp
by Wine Bugs 12 Feb '05

12 Feb '05

http://bugs.winehq.org/show_bug.cgi?id=2715 Summary: Insecure file creation of "regxxxxxxx.tmp" in /tmp Product: Wine Version: 20041201 Platform: PC OS/Version: Linux Status: UNCONFIRMED Severity: major Priority: P2 Component: wine-files AssignedTo: wine-bugs(a)winehq.org ReportedBy: badpenguin79(a)hotmail.com When an application is runned, wine makes a dump of windows registry in /tmp with name regxxxxxxx.tmp . regxxxxxxx.tmp is created with -rw-r--r-- permissions. This could represent a security problem in a multi-user environment. Indeed, any local user could access to windows registry's dump and get sensitive information, like passwords or other private data. A local attacker could use a script to check every X seconds the presence of a regxxxxxxx.tmp and copy it in his home directory for a successive analysis. I have made some tests to reproduce this bug, running several applications and i noted that it's been possibile get information in HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider and ------------------------------------------------------------------------------- [Software\\Microsoft\\Internet Account Manager\\Accounts\\00000008] "Account Name"="libero.it" "Connection Type"=dword:00000003 "POP3 Server"="pop3.libero.it" "POP3 User Name"="xxxxxxx" "POP3 Password2"=hex:xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,\ xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,\ xx,xx,xx,xx,xx,xx,xx,xx,xx,xx "POP3 Prompt for Password"=dword:00000000 "SMTP Server"="mail.libero.it" "SMTP Display Name"="xxxxxx" "SMTP Email Address"="xxxxxx(a)libero.it" "POP3 Skip Account"=dword:00000000 "POP3 Port"=dword:0000006e "SMTP User Name"="" "SMTP Password2"=hex:xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,\ xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,xx,\ xx,xx,xx,xx,xx,xx,xx,xx,xx,xx "SMTP Use Sicily"=dword:00000000 "SMTP Prompt for Password"=dword:00000000 ------------------------------------------------------------------------------- where there were outlook's passwords encrypted. Note that also if they are encrypted, they could be imported on the windows registry system of the attacker and so gain illegal access to victim's account. I think that regxxxxxxx.tmp should be created with 0600 permissions. Best regards, Giovanni Delvecchio -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

wine-bugs