https://bugs.winehq.org/show_bug.cgi?id=49024
Bug ID: 49024
Summary: Malicious software able to alter, infect and/or destroy personal files
Product: Wine
Version: unspecified
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: major
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: youtube@marcus-s.de
Distribution: ---
Hello,
I might have discovered an issue with the current state of Wine execution of Windows programs. While Wine does run pretty well for what I need it for, I have been pointed in the direction that it is also possible to execute malicious software to the same effect it has on Windows.
Namely, I performed a test with the "WannaCry" ransomware on a non-live test bed and found that not only does it encrypt and destroy files in one's home folder (if standard Wine symlinks are kept in place), but files that lie outside of the Wine prefix are also affected. For me, files in /tmp and a complete custom folder residing on the root level were also affected.
I find this to be quite a security issue when Wine is also able to perform destructive code without any limitations.
Steps to reproduce:
- Install current version of Wine
- Acquire a WannaCry (or other virus) binary
- Execute the binary
- Observe results
Expected result:
- Security measure that prevents access to files and folders outside the Wine prefix unless specifically specified by user through Winecfg.
Thanks, Marcus
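
A defensive check related to the report above, added here as an example and not part of the original report or of Wine itself: the script lists every symlink in a prefix's `dosdevices/` and `drive_c/users/` directories that resolves outside the prefix (a default prefix maps `z:` to `/`). The function names and the sample prefix layout are assumptions of this example.

```shell
#!/bin/sh
# List symlinks inside a Wine prefix whose targets resolve outside it.
# Each hit is a host path a Windows program reaches through an ordinary
# drive letter or user-folder path.
audit_prefix() {
    ap_prefix=$(readlink -f -- "$1") || return 2
    # dosdevices/ holds the drive letters, drive_c/users/ the user-folder links
    find "$ap_prefix/dosdevices" "$ap_prefix/drive_c/users" -type l 2>/dev/null |
    while IFS= read -r ap_link; do
        ap_target=$(readlink -f -- "$ap_link") || continue
        case "$ap_target/" in
            "$ap_prefix"/*) ;;   # target stays inside the prefix
            *) printf '%s -> %s\n' "${ap_link#"$ap_prefix"/}" "$ap_target" ;;
        esac
    done
}

# Constructed sample: a minimal prefix laid out like a default one
# (c: inside the prefix, z: -> /, one user folder linked to a host directory).
make_sample_prefix() {
    sp_root=$(mktemp -d) || return 1
    mkdir -p "$sp_root/home/Documents" "$sp_root/pfx/dosdevices" \
             "$sp_root/pfx/drive_c/users/demo"
    ln -s ../drive_c "$sp_root/pfx/dosdevices/c:"
    ln -s / "$sp_root/pfx/dosdevices/z:"
    ln -s "$sp_root/home/Documents" "$sp_root/pfx/drive_c/users/demo/Documents"
    printf '%s\n' "$sp_root"
}

# Audit the prefix given as an argument, or the constructed sample if none.
if [ "$#" -gt 0 ]; then
    audit_prefix "$1"
else
    demo_root=$(make_sample_prefix) && audit_prefix "$demo_root/pfx"
    [ -n "$demo_root" ] && rm -rf "$demo_root"
fi
```

An empty result only means no drive letter or user-folder link points outside the prefix; it is not a sandbox, because programs started by Wine run with the invoking user's full file permissions.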