Paul,
Basically, yes, I don't know what the exploit is (there's no magic in there: the possibility of an exploit is enough to justify action). But I don't ask for an API breakage; I propose that wine support two modes: one with API misuse checks and one with strictly the same behaviour as Windows.
This leaves the choice to users to use wine on the safe side or on the less safe side.
As I already answered to Marcus, I will go for some reflexion/documentation on the subject.
Guillaume
2009/2/1 Paul TBBle Hampson Paul.Hampson@pobox.com
On Sun, Feb 01, 2009 at 10:41:25AM +0100, Guillaume SH wrote:
Imagine an ill-intentioned person, call them the attacker. By means of simply creating the following C application (based on the classical "Hello world"):

    #include <windows.h>   /* GetOverlappedResult, FALSE */
    #include <stdlib.h>    /* EXIT_SUCCESS */

    int main(int argc, char *argv[])
    {
        /* printf("Hello world!"); */
        /* Deliberate misuse: NULL OVERLAPPED pointer and NULL byte-count pointer. */
        GetOverlappedResult(0, NULL, NULL, FALSE);
        return EXIT_SUCCESS;
    }

Running this application on wine, I get my crash, with the possibility of an exploit.
A crash isn't magically a possibility of an exploit. Certain types of crashes (eg. user-supplied buffer overruns that hammer the return address on the stack) are vectors for security issues. Dereferencing a NULL isn't, off the top of my head.
A better exploit than GetOverlappedResult(0, NULL, NULL, FALSE) at that point is prolly to just do whatever your exploit's payload was going to be.
I won't describe in detail the way to perform the exploit as:
1 - I don't know how to proceed and I don't want to
2 - It would be showing a poor sense of responsibility
So you don't actually know what the exploit is you're trying to get us to break from the Win32 API to avoid, and you specifically refuse to describe it further?
--
Paul "TBBle" Hampson, B.Sc, LPI, MCSE
Very-later-year Asian Studies student, ANU
The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361)
Paul.Hampson@Pobox.com
Of course Pacman didn't influence us as kids. If it did, we'd be running around in darkened rooms, popping pills and listening to repetitive music. -- Kristian Wilson, Nintendo, Inc, 1989
License: http://creativecommons.org/licenses/by/2.5/au/
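As an added illustration of the two-mode idea discussed in this thread (a constructed example, not Wine's code nor the real GetOverlappedResult implementation; the type and error-code stand-ins and the demo_* names are assumptions), here is a model of the call with a runtime switch between an API-misuse-checking mode and the trust-the-caller path that faults on a NULL OVERLAPPED exactly as the hello-world program above does:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for the Win32 types and error codes involved (not Wine's headers). */
typedef void *HANDLE;
typedef uint32_t DWORD;
typedef struct { uintptr_t Internal; uintptr_t InternalHigh; } OVERLAPPED;
#define ERROR_SUCCESS            0
#define ERROR_INVALID_HANDLE     6
#define ERROR_INVALID_PARAMETER  87
#define ERROR_IO_INCOMPLETE      996
#define STATUS_PENDING           0x103

static DWORD last_error = ERROR_SUCCESS; /* stand-in for SetLastError/GetLastError */
static bool strict_checks = false;        /* the proposed switch: false = Windows-faithful */

void demo_set_strict(bool on) { strict_checks = on; }
DWORD demo_last_error(void) { return last_error; }

/* Hypothetical model of GetOverlappedResult. Both modes behave identically for valid
 * arguments; strict mode turns argument misuse into a failed call instead of a fault. */
bool demo_get_overlapped_result(HANDLE h, OVERLAPPED *ov, DWORD *bytes, bool wait)
{
    if (strict_checks) {
        if (h == NULL)                   { last_error = ERROR_INVALID_HANDLE;    return false; }
        if (ov == NULL || bytes == NULL) { last_error = ERROR_INVALID_PARAMETER; return false; }
    }
    /* Windows-faithful path: the caller is trusted, so a NULL ov dereferences here. */
    if (ov->Internal == STATUS_PENDING) {
        if (!wait) { last_error = ERROR_IO_INCOMPLETE; return false; }
        /* A real implementation would block on the event; this model treats the
         * wait as completing with zero bytes transferred. */
        ov->Internal = 0;
        ov->InternalHigh = 0;
    }
    *bytes = (DWORD)ov->InternalHigh;
    last_error = ERROR_SUCCESS;
    return true;
}

int main(void)
{
    DWORD n = 0;
    OVERLAPPED done = { 0, 512 }; /* constructed: a completed 512-byte I/O */
    demo_set_strict(true);
    printf("NULL args, strict: ok=%d err=%u\n",
           (int)demo_get_overlapped_result(NULL, NULL, NULL, false), (unsigned)demo_last_error());
    printf("completed I/O: ok=%d bytes=%u\n",
           (int)demo_get_overlapped_result((HANDLE)1, &done, &n, false), (unsigned)n);
    return 0;
}
```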