Hi!
Winetricks has a symlink vulnerability; it does:
(echo "$title"; echo ""; echo "$text") > /tmp/x_showmenu.txt
An attacker can exploit this by creating a symlink called /tmp/x_showmenu.txt and having it point to some file that a winetricks user can write (e.g. ~/Documents/important_stuff.odf). Winetricks will then overwrite that file with its data.
To solve this, apply the following patch that simply avoids the creation of a temporary file:
--- winetricks 2008-12-18 06:34:42.000000000 +0100 +++ winetricks 2008-12-23 18:00:17.000000000 +0100 @@ -207,8 +207,8 @@ args="$args,$1" shift done - (echo "$title"; echo ""; echo "$text") > /tmp/x_showmenu.txt - xmessage -print -file /tmp/x_showmenu.txt -buttons "Cancel,$args" | sed 's/Cancel//' + (echo "$title"; echo ""; echo "$text") | \ + xmessage -print -file - -buttons "Cancel,$args" | sed 's/Cancel//' }
showmenu()
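Review bot: on the added `(echo "$title"; echo ""; echo "$text") | \` line, the subshell with three echo calls is carried over from the old code although nothing needs it once the text goes straight into the pipe. `printf '%s\n\n%s\n' "$title" "$text" | xmessage -print -file - ...` produces the same three lines without the subshell and without echo's shell-dependent treatment of backslashes or a leading `-n` in $title or $text. The change also depends on xmessage reading standard input for `-file -`, so a one-line comment above the pipe saying that the temporary file was dropped on purpose would keep a later edit from reintroducing /tmp/x_showmenu.txt.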
Merry Christmas
Stefan
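The overwrite described in the report, next to two ways of writing a file that refuse a pre-planted link, as an added example that is not part of the original message or of winetricks. The sandbox directory, `menu.txt` (standing in for /tmp/x_showmenu.txt) and all function names are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example, not winetricks code. Everything happens in a private
# sandbox directory; menu.txt stands in for /tmp/x_showmenu.txt.

# The pattern from the report: ">" on a fixed name follows a symlink.
write_fixed() {      # $1 = path, $2 = text
    echo "$2" > "$1"
}

# noclobber: ">" refuses a name that already resolves to a regular file.
write_noclobber() {  # $1 = path, $2 = text
    ( set -C; echo "$2" > "$1" ) 2>/dev/null
}

# mktemp picks an unpredictable name and creates the file exclusively.
write_mktemp() {     # $1 = directory, $2 = text; prints the new path
    tmpfile=$(mktemp "$1/menu.XXXXXX") || return 1
    echo "$2" > "$tmpfile"
    echo "$tmpfile"
}

# Build a sandbox holding a constructed "important" file and a symlink
# already planted at the predictable name; prints the sandbox path.
make_sandbox() {
    sandbox=$(mktemp -d) || return 1
    echo "original" > "$sandbox/important_stuff.odf"
    ln -s "$sandbox/important_stuff.odf" "$sandbox/menu.txt"
    echo "$sandbox"
}

demo() {
    dir=$(make_sandbox) || return 1
    write_noclobber "$dir/menu.txt" "menu text" || echo "noclobber: refused"
    echo "after noclobber: $(cat "$dir/important_stuff.odf")"
    out=$(write_mktemp "$dir" "menu text") && echo "mktemp wrote: ${out##*/}"
    echo "after mktemp:    $(cat "$dir/important_stuff.odf")"
    write_fixed "$dir/menu.txt" "menu text"
    echo "after fixed:     $(cat "$dir/important_stuff.odf")"
    rm -rf "$dir"
}

demo
```

On Linux, `fs.protected_symlinks=1` additionally stops a process from following another user's symlink in a sticky world-writable directory such as /tmp, which limits this class of bug even in unpatched scripts.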