https://bugs.winehq.org/show_bug.cgi?id=39013
Bug ID: 39013 Summary: Cannot change the location of the folder put in /tmp/.wine-uid Product: Wine Version: unspecified Hardware: x86 OS: Linux Status: UNCONFIRMED Severity: enhancement Priority: P2 Component: -unknown Assignee: wine-bugs@winehq.org Reporter: sstewartgallus00@mylangara.bc.ca Distribution: ---
I want to set /tmp on my machine to be only readable and writeable by root and I cannot use Wine with that configuration unless I can change that folder. Also, only allowing the static folder in /tmp opens up a denial-of-service attack against other users. A user can be a jerk and create /tmp/.wine-uid directories to block other users.
https://bugs.winehq.org/show_bug.cgi?id=39013
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download, source Status|UNCONFIRMED |NEW CC| |austinenglish@gmail.com Version|unspecified |1.7.48 Ever confirmed|0 |1
--- Comment #1 from Austin English austinenglish@gmail.com --- See also bug 14838.
https://bugs.winehq.org/show_bug.cgi?id=39013
Ken Sharp imwellcushtymelike@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.winehq.org/sho | |w_bug.cgi?id=14838
https://bugs.winehq.org/show_bug.cgi?id=39013
--- Comment #2 from Ken Sharp imwellcushtymelike@gmail.com --- (In reply to Steven Stewart-Gallus from comment #0)
A user can be a jerk and create /tmp/.wine-uid directories to block other users.
Some randomisation would be helpful there, with wineserver knowing what temporary directory is in use, and cleaning up after itself. Certainly, on a system with multiple users all using Wine, the /tmp is left littered with .wine-* directories.
https://bugs.winehq.org/show_bug.cgi?id=39013
NP-Hardass np.hardass@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |np.hardass@gmail.com
--- Comment #3 from NP-Hardass np.hardass@gmail.com --- (In reply to Steven Stewart-Gallus from comment #0)
I want to set /tmp on my machine to be only readable and writeable by root and I cannot use Wine with that configuration unless I can change that folder. Also, only allowing the static folder in /tmp opens up a denial-of-service attack against other users. A user can be a jerk and create /tmp/.wine-uid directories to block other users.
Bump.
Downstream distros are starting to mark this as a security bug:
https://bugs.gentoo.org/show_bug.cgi?id=576134 https://bugzilla.redhat.com/show_bug.cgi?id=1312958 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816034
https://bugs.winehq.org/show_bug.cgi?id=39013
Sebastian Lackner sebastian@fds-team.de changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |sebastian@fds-team.de
https://bugs.winehq.org/show_bug.cgi?id=39013
--- Comment #4 from Alexandre Julliard julliard@winehq.org --- Created attachment 53781 --> https://bugs.winehq.org/attachment.cgi?id=53781 Support XDG_RUNTIME_DIR
How about something like this?
https://bugs.winehq.org/show_bug.cgi?id=39013
--- Comment #5 from Sebastian Lackner sebastian@fds-team.de --- (In reply to Alexandre Julliard from comment #4)
Created attachment 53781 [details] Support XDG_RUNTIME_DIR
How about something like this?
Wasn't the idea that this code should not depend on any environment variables?
https://bugs.winehq.org/show_bug.cgi?id=39013
--- Comment #6 from Alexandre Julliard julliard@winehq.org --- (In reply to Sebastian Lackner from comment #5)
(In reply to Alexandre Julliard from comment #4)
Created attachment 53781 [details] Support XDG_RUNTIME_DIR
How about something like this?
Wasn't the idea that this code should not depend on any environment variables?
Yes, but XDG_RUNTIME_DIR is in theory supposed to be constant across a user session. Of course the user can still mess with it, but that would probably break other things too.
Do you have other suggestions?
https://bugs.winehq.org/show_bug.cgi?id=39013
--- Comment #7 from Sebastian Lackner sebastian@fds-team.de --- (In reply to Alexandre Julliard from comment #6)
Yes, but XDG_RUNTIME_DIR is in theory supposed to be constant across a user session. Of course the user can still mess with it, but that would probably break other things too.
Do you have other suggestions?
Couldn't we use the code path for Android on all platforms, or does this have other disadvantages? This would also ensure that people can only access the wineserver sockets, when they have access to the wine prefix itself.
Using an environment variable is probably also fine, but it would be nice to have some precautions against wine prefix corruptions, for example a file lock on the registry or similar. I could imagine that XDG_RUNTIME_DIR is not set when people execute wine directly from a cronjob for example.
https://bugs.winehq.org/show_bug.cgi?id=39013
--- Comment #8 from Alexandre Julliard julliard@winehq.org --- (In reply to Sebastian Lackner from comment #7)
Couldn't we use the code path for Android on all platforms, or does this have other disadvantages? This would also ensure that people can only access the wineserver sockets, when they have access to the wine prefix itself.
We can't use the prefix directory, because it can be on a network file system, and/or not support locking or sockets.
https://bugs.winehq.org/show_bug.cgi?id=39013
--- Comment #9 from NP-Hardass np.hardass@gmail.com --- Just to be clear, the aspect that is being considered a security issue is the use of /tmp/.wine-uid and lack of security checks on it, which is part of what this bug report is about.
https://bugs.winehq.org/show_bug.cgi?id=39013
Sebastian Lackner sebastian@fds-team.de changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |jre.winesim@gmail.com
--- Comment #10 from Sebastian Lackner sebastian@fds-team.de --- *** Bug 40274 has been marked as a duplicate of this bug. ***
https://bugs.winehq.org/show_bug.cgi?id=39013
Sebastian Lackner sebastian@fds-team.de changed:
What |Removed |Added ---------------------------------------------------------------------------- See Also| |http://bugs.debian.org/8160 | |34
https://bugs.winehq.org/show_bug.cgi?id=39013
--- Comment #11 from Austin English austinenglish@gmail.com --- (In reply to Alexandre Julliard from comment #6)
(In reply to Sebastian Lackner from comment #5)
(In reply to Alexandre Julliard from comment #4)
Created attachment 53781 [details] Support XDG_RUNTIME_DIR
How about something like this?
Wasn't the idea that this code should not depend on any environment variables?
Yes, but XDG_RUNTIME_DIR is in theory supposed to be constant across a user session. Of course the user can still mess with it, but that would probably break other things too.
Do you have other suggestions?
mkdtemp?
https://bugs.winehq.org/show_bug.cgi?id=39013
Michel Terrisse mterrisse@free.fr changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |mterrisse@free.fr
--- Comment #12 from Michel Terrisse mterrisse@free.fr --- Note that XDG_RUNTIME_DIR is not defined on macOS (tested on macOS 10.15 Catalina).
Regards,
Michel Terrisse
-
wine-bugs@winehq.org -
WineHQ Bugzilla