On 17 February 2013 15:40, Stefan Dösinger stefandoesinger@gmail.com wrote:
Am 17.02.2013 um 14:25 schrieb Stanislaw Halik sthalik@misaki.pl:
Security impact is nil - Win32 can reference the extension regardless. Well-written code won't expose the issue. Patch is a bit messed up WRT lack of binding back to 0 in some places, but that'll be amended.
I basically agree with this - the problem with this extension is that the driver exports it. If we're using it or not doesn't really have a security impact.
Sure, I just think it's a terrible extension, not necessarily that supporting it would have security impact for Wine. (Although once you go there, an application e.g. locking up the system becomes potentially a Wine bug, not automatically a driver bug.) The other consideration is that I don't want to encourage other drivers to implement this kind of extension. Of course that's all aside from all the generic arguments against having multiple code paths for essentially the same thing, and the increased complexity that comes with that.