http://bugs.winehq.org/show_bug.cgi?id=22006
Summary: OpenProcess does not enforce ACL
Product: Wine
Version: unspecified
Platform: x86
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: kernel32
AssignedTo: wine-bugs@winehq.org
ReportedBy: shalomgo@gmail.com
Created an attachment (id=26746) --> (http://bugs.winehq.org/attachment.cgi?id=26746) Test case
OpenProcess (and probably other functions) does not properly enforce process ACLs, allowing unprivileged processes to read and write memory of privileged ones.
--- Comment #1 from Shalom Gold shalomgo@gmail.com 2010-03-11 07:40:22 ---
Test case output on Windows XP:
OpenProccess succeeded.
OpenProccess failed.
Test case output on Wine (Linux):
OpenProccess succeeded.
OpenProccess succeeded.
...
(Until all the processes are killed. Basically a fork bomb.)
Vitaliy Margolen vitaliy@kievinfo.com changed:
What | Removed | Added
----------------------------------------------------------------------------
Status | UNCONFIRMED | NEW
Version | unspecified | 1.1.40
Ever Confirmed | 0 | 1
--- Comment #2 from Vitaliy Margolen vitaliy@kievinfo.com 2010-03-11 09:04:12 ---
Confirming.
Austin English austinenglish@gmail.com changed:
What | Removed | Added
----------------------------------------------------------------------------
Keywords | | download, testcase
tgrim thomgrimes@gmail.com changed:
What | Removed | Added
----------------------------------------------------------------------------
CC | | thomgrimes@gmail.com
--- Comment #3 from tgrim thomgrimes@gmail.com 2011-05-26 04:22:48 CDT ---
It's been a year. Is this any closer to getting fixed?
Nikolay Sivov bunglehead@gmail.com changed:
What | Removed | Added
----------------------------------------------------------------------------
Attachment #26746 mime type | text/x-csrc | text/plain
--- Comment #4 from Nikolay Sivov bunglehead@gmail.com 2011-08-09 13:59:15 CDT ---
Are there any real-life applications that depend on that?
Jimmy Christensen jichr86@dusted.dk changed:
What | Removed | Added
----------------------------------------------------------------------------
CC | | jichr86@dusted.dk
--- Comment #5 from Jimmy Christensen jichr86@dusted.dk 2012-08-16 03:49:42 CDT ---
(In reply to comment #4)
> Are there any real-life applications that depend on that?
Yes, Continuum does.
The current fix is for OpenProcess to return NULL on all calls where the access parameter has PROCESS_VM_WRITE bit set.
I have personally not had any trouble with other Windows programs because of this fix but have not investigated in depth.
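The check this report is about, as a simplified model (an added example, not part of the thread, the attached test case or Wine's code): it contrasts the reported behaviour, the PROCESS_VM_WRITE workaround from comment #5, and an ordered DACL walk. SIDs as integers, the function names and the sample DACL are constructed; a real access check also considers group SIDs, ownership and privileges.

```c
#include <stdint.h>
#include <stdio.h>

/* Process access rights (values from the Windows SDK headers). */
#define PROCESS_VM_READ  0x0010u
#define PROCESS_VM_WRITE 0x0020u

enum ace_type { ACE_ALLOW, ACE_DENY };
/* Simplified ACE; a SID is modelled as a small integer (constructed). */
struct ace { enum ace_type type; int sid; uint32_t mask; };
/* Simplified process object; has_dacl == 0 models a NULL DACL. */
struct process { int has_dacl; const struct ace *dacl; int ace_count; };

/* Behaviour reported in this bug: the DACL is never consulted. */
uint32_t open_unchecked(uint32_t desired) { return desired; }

/* Workaround from comment #5: refuse any request with PROCESS_VM_WRITE set. */
uint32_t open_workaround(uint32_t desired)
{
    return (desired & PROCESS_VM_WRITE) ? 0 : desired;
}

/* Ordered DACL walk: returns the granted mask, or 0 when access is denied. */
uint32_t open_checked(const struct process *p, int sid, uint32_t desired)
{
    uint32_t remaining = desired;
    if (!p->has_dacl) return desired;          /* NULL DACL grants everything */
    for (int i = 0; i < p->ace_count && remaining; i++) {
        const struct ace *a = &p->dacl[i];
        if (a->sid != sid) continue;
        if (a->type == ACE_DENY && (a->mask & remaining)) return 0;
        if (a->type == ACE_ALLOW) remaining &= ~a->mask;
    }
    return remaining ? 0 : desired;            /* ungranted bits mean denial */
}

/* Constructed sample: SID 1 owns the process, SID 2 may only read its memory. */
static const struct ace sample_dacl[] = {
    { ACE_ALLOW, 1, PROCESS_VM_READ | PROCESS_VM_WRITE },
    { ACE_ALLOW, 2, PROCESS_VM_READ },
};
static const struct process sample = { 1, sample_dacl, 2 };

int main(void)
{
    uint32_t want = PROCESS_VM_READ | PROCESS_VM_WRITE;
    printf("unchecked=%#x workaround=%#x checked=%#x\n", (unsigned)open_unchecked(want),
           (unsigned)open_workaround(want), (unsigned)open_checked(&sample, 2, want));
    return 0;
}
```

With the sample DACL, the workaround also refuses the owner's write request while still letting any caller open the process for reading, which the DACL walk does not.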
joris@jorisvanderwel.com changed:
What | Removed | Added
----------------------------------------------------------------------------
CC | | joris@jorisvanderwel.com
Sebastian Lackner sebastian@fds-team.de changed:
What | Removed | Added
----------------------------------------------------------------------------
CC | | sebastian@fds-team.de
Qian Hong fracting@gmail.com changed:
What | Removed | Added
----------------------------------------------------------------------------
CC | | fracting@gmail.com
Béla Gyebrószki gyebro69@gmail.com changed:
What | Removed | Added
----------------------------------------------------------------------------
Keywords | | patch
URL | | http://www.getcontinuum.com/downloads/continuum/Continuum040Setup.exe
CC | | gyebro69@gmail.com
Summary | OpenProcess does not enforce ACL | OpenProcess does not enforce ACL (Continuum fails to start)
--- Comment #6 from Béla Gyebrószki gyebro69@gmail.com ---
Still present in wine-1.7.43-166-g39d71c5
Tested with the game 'Continuum': http://www.getcontinuum.com/downloads/continuum/Continuum040Setup.exe
The game hangs on start.
The patchset from wine-staging fixes the issue: https://github.com/wine-compholio/wine-staging/tree/master/patches/server-Cr...
Continuum040Setup.exe sha1: c98e42a92b1f2c3233bf89d597cb22b0162b2668
Anastasius Focht focht@gmx.net changed:
What | Removed | Added
----------------------------------------------------------------------------
CC | | voltagex@voltagex.org
--- Comment #7 from Anastasius Focht focht@gmx.net ---
*** Bug 38753 has been marked as a duplicate of this bug. ***
Anastasius Focht focht@gmx.net changed:
What | Removed | Added
----------------------------------------------------------------------------
CC | | focht@gmx.net
Summary | OpenProcess does not enforce ACL (Continuum fails to start) | Multiple applications require support for thread and process security descriptors (Continuum, Acrobat Reader DC 2015)
--- Comment #8 from Anastasius Focht focht@gmx.net ---
Hello folks,
refining summary to collect more dupes here. Obviously still present. Also needed by Acrobat Reader DC 2015.007.20033 after working around bug 38753 -> disable Adobe protected mode.
--- snip ---
$ wine reg add "HKCU\SOFTWARE\Adobe\Acrobat Reader\DC\Privileged" /v bProtectedMode /t REG_DWORD /d 0 /f
--- snip ---
$ sha1sum AcroRdrDC1500720033_en_US.exe
1e4726d73e7cf583975bdd5e2656399ffc7513ed AcroRdrDC1500720033_en_US.exe
$ du -sh AcroRdrDC1500720033_en_US.exe
48M AcroRdrDC1500720033_en_US.exe
$ wine --version
wine-1.7.46-118-g7a3c988
Regards
--- Comment #9 from Joris joris@jorisvanderwel.com ---
I made a patch for this a while back, look here: https://github.com/wine-compholio/wine-staging/tree/master/patches/server-Cr...
Feel free to update and submit them
(fyi I am not going to)
Michael Müller michael@fds-team.de changed:
What | Removed | Added
----------------------------------------------------------------------------
Status | NEW | STAGED
CC | | michael@fds-team.de
Staged patchset | | https://github.com/wine-compholio/wine-staging/tree/master/patches/server-CreateProcess_ACLs
Roger Cruz spark.crz@gmail.com changed:
What | Removed | Added
----------------------------------------------------------------------------
CC | | spark.crz@gmail.com
--- Comment #10 from Roger Cruz spark.crz@gmail.com ---
(In reply to Joris from comment #9)
> I made a patch for this a while back, look here: https://github.com/wine-compholio/wine-staging/tree/master/patches/server-CreateProcess_ACLs
>
> Feel free to update and submit them
>
> (fyi I am not going to)
This could fix a lot of games that depend on anti-cheat engines...
André H. nerv@dawncrow.de changed:
What | Removed | Added
----------------------------------------------------------------------------
CC | | nerv@dawncrow.de
Staged patchset | https://github.com/wine-compholio/wine-staging/tree/master/patches/server-CreateProcess_ACLs | https://github.com/wine-staging/wine-staging/tree/master/patches/server-CreateProcess_ACLs
Maik Wagner maiktapwagner@aol.com changed:
What | Removed | Added
----------------------------------------------------------------------------
CC | | maiktapwagner@aol.com
--- Comment #11 from Maik Wagner maiktapwagner@aol.com ---
I am willing to test this out but I am not sure on how to proceed: If I install the wine-staging package from openSUSE - Would this patch be in the corresponding package?
I also have Acrobat Reader DC installed. What would I have to be on the lookout for?
Anastasius Focht focht@gmx.net changed:
What | Removed | Added
----------------------------------------------------------------------------
Resolution | --- | FIXED
URL | http://www.getcontinuum.com/downloads/continuum/Continuum040Setup.exe | https://web.archive.org/web/20150729083610/http://subspace-continuum.com/trackdownload.php?type=win
Status | STAGED | RESOLVED
Fixed by SHA1 | | ac7ae92af1f53db3a240e266e1ba73466c8327a5
Summary | Multiple applications require support for thread and process security descriptors (Continuum, Acrobat Reader DC 2015) | Multiple applications require support for thread and process security descriptors (Continuum 0.40, Acrobat Reader DC 2015)
--- Comment #12 from Anastasius Focht focht@gmx.net ---
Hello folks,
this has been fixed a long time ago by commits:
* https://source.winehq.org/git/wine.git/commitdiff/ac7ae92af1f53db3a240e266e1... ("server: Allow specifying the security descriptor for a new process.")
* https://source.winehq.org/git/wine.git/commitdiff/4a328e08aca20a46ecbee634ff... ("server: Allow specifying the security descriptor for a new thread.")
Part of Wine 3.17 release
It's unfortunate that the removal of Wine-Staging patchset https://github.com/wine-staging/wine-staging/tree/v3.16/patches/server-Creat... patchset was hidden behind a rebase commit https://github.com/wine-staging/wine-staging/commit/3f082c2d0ad0ad46037daac2... which did more things than just that.
Whenever a patchset is dropped from Wine-Staging, the description file shall be checked for any WineHQ Bugzilla bug references to update the ticket.
I've tested Continuum 0.40 (also mentioned in bug 21702). The game worked with Wine 3.17 but not in Wine 3.16.
Stable link via Internet Archive:
https://web.archive.org/web/20150729083610/http://subspace-continuum.com/tra...
Regards
Zebediah Figura z.figura12@gmail.com changed:
What | Removed | Added
----------------------------------------------------------------------------
CC | | z.figura12@gmail.com
--- Comment #13 from Zebediah Figura z.figura12@gmail.com ---
(In reply to Anastasius Focht from comment #12)
> It's unfortunate that the removal of Wine-Staging patchset https://github.com/wine-staging/wine-staging/tree/v3.16/patches/server-CreateProcess_ACLs patchset was hidden behind a rebase commit https://github.com/wine-staging/wine-staging/commit/3f082c2d0ad0ad46037daac23d785ca159c0dbab which did more things than just that.
Without trying to sound defensive, I'm not sure I follow; I see that as part of the process of rebasing, which means essentially "make all of the Staging patch sets apply against the latest upstream commit". That is, the server-CreateProcess_ACLs patch set applied against 93994dfc0, and did not apply against 3f082c2d0, and was removed because it was no longer necessary. Splitting up the parts of a rebase would be pointless (the intermediate versions would not apply against anything, at all) and take extra time.
> Whenever a patchset is dropped from Wine-Staging, the description file shall be checked for any WineHQ Bugzilla bug references to update the ticket.
I tend to assume that a commit author will take action to resolve (or ask for a retest on, etc.) the bug they fix. In future I'll try to be more diligent, if this is unreliable.
Alexandre Julliard julliard@winehq.org changed:
What | Removed | Added
----------------------------------------------------------------------------
Status | RESOLVED | CLOSED
--- Comment #14 from Alexandre Julliard julliard@winehq.org ---
Closing bugs fixed in 5.1.