http://bugs.winehq.org/show_bug.cgi?id=31114
Bug #: 31114
Summary: Wine is too insecure.
Product: Wine
Version: unspecified
Platform: x86
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
AssignedTo: wine-bugs@winehq.org
ReportedBy: franchukrom@gmail.com
Classification: Unclassified
A program under wine can call Linux syscalls. The quick way to get the proof: compile this code: http://pastebin.com/NNxPcYxx with the Windows version of nasm and run it under wine. It works. The program illustrates the syscalls "write" (to print the message to a terminal) and "exit".
But users of wine usually believe that their filesystems can't be damaged if they configure wine's drives not to point to files outside .wine. That is wrong: if a malware developer is aware of wine, he can use Linux syscalls to have full access to the whole computer with the rights of the user that ran wine.
I think wine should use chroot in order to avoid this problem.
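
The drive configuration the report refers to lives in the prefix as symlinks under `dosdevices/`. The following added example (not part of the original report and not Wine project code) lists which drive letters resolve outside the prefix. It assumes the standard prefix layout and a `readlink` that supports `-f`; the function names are hypothetical. Per the report, a clean result is not a confinement boundary, since the process can still issue Linux syscalls directly.

```shell
#!/bin/sh
# Added example: audit the drive-letter symlinks of a Wine prefix.
# Assumptions: standard prefix layout (dosdevices/ holding "c:", "z:", ...
# symlinks) and a readlink that supports -f (GNU coreutils, busybox).
# Usage after sourcing this file: wine_drives_confined "$HOME/.wine"

# Print "<drive> <resolved-target> inside|OUTSIDE" for each drive letter.
# Returns 2 if the given path is not a Wine prefix.
list_wine_drives() {
    prefix=$(readlink -f "${1:-${WINEPREFIX:-$HOME/.wine}}") || return 2
    [ -d "$prefix/dosdevices" ] || return 2
    for link in "$prefix"/dosdevices/?:; do
        [ -L "$link" ] || continue      # unmatched glob or not a symlink
        target=$(readlink -f "$link") || target="(unresolvable)"
        case "$target" in
            "$prefix"|"$prefix"/*) verdict=inside ;;
            *)                     verdict=OUTSIDE ;;
        esac
        printf '%s %s %s\n' "${link##*/}" "$target" "$verdict"
    done
}

# Return 0 if every drive letter resolves inside the prefix, 1 if at
# least one resolves outside it, 2 if the prefix could not be read.
# A return of 0 only describes the drive mapping; it does not mean the
# programs run in the prefix are confined to it.
wine_drives_confined() {
    out=$(list_wine_drives "$1") || return 2
    printf '%s\n' "$out"
    case "$out" in
        *" OUTSIDE"*) return 1 ;;
        *)            return 0 ;;
    esac
}
```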