New subject: [Bug 31114] Wine is too insecure.

3 Jul 2012


      http://bugs.winehq.org/show_bug.cgi?id=31114
Bug #: 31114
           Summary: Wine is too insecure.
           Product: Wine
           Version: unspecified
          Platform: x86
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: -unknown
        AssignedTo: wine-bugs@winehq.org
        ReportedBy: franchukrom@gmail.com
    Classification: Unclassified
Program under wine can call Linux syscalls. The quick way to get the proof:
compile this code: http://pastebin.com/NNxPcYxx with Windows version of nasm
and run it under wine. It works. The program illustrates syscalls "write" (to
print the message to a terminal) and "exit".
But users of wine usually believe that their filesystems can't be damaged if
they configure wine's drives not to point on files outside .wine. It is wrong:
if malware developer is aware of wine, he can use Linux syscalls to have a full
access to the whole computer with rights of user that ran wine.
I think, wine should use chroot in order to avoid this problem.
-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

[Bug 31114] New: Wine is too insecure.