Wine securityflaw.

Matthew Bloch matthew at bytemark.co.uk
Sun Oct 27 07:00:14 CST 2002 

On Sunday 27 October 2002 11:37, Peter Andersson wrote:
> What is it with you people?
> I was just trying to make a point about the security risks about using wine
> at present.  And you start flameing me?

I don't see any flames, just strong criticism of your idea for which you may 
not have thought all the issues through.  WINE is not a sandbox as Alexandre 
pointed out, because writing a sandbox for any system is hard work: as proof 
look at the complexity of Valgrind, a program which emulates an x86-Linux 
system on top of another x86-Linux system for diagnostic purposes.  Think how 
much harder it is to write the same kind of code for an OS when you've not 
got the same OS under your feet; it would be a slow-performing monster of a 
program.

Given that WINE is not a sandbox, simplistically it's a translator of system 
calls & binary formats, the risks of running a WINE-based program are exactly 
the same risks you run with any unknown binary code, so any checks on sanity 
of syscalls are better done in the kernel or general-purpose executable 
wrapper than in WINE specifically.  

I started a conceptually similar emulator project to WINE a while ago for 
another OS (riscose.sf.net): a program to run RISC OS binaries on Unix.  The 
issues are the same: just because malicious code comes from an unfamiliar OS 
doesn't make its destructive capabilities any different from native code, so 
if you're looking to tighten security of WINE programs, look to the same 
methods you'd use to tighten security of *any* unknown program: run it as a 
different user, run it in a Usermode Linux instance (user-mode-linux.sf.net), 
use kernel patches to restrict its use of system calls.  But WINE shouldn't 
be bothered with any of this.  

If you're interested in playing with this kind of work, I know someone has 
written a Python-based framework (called Subversion or Subterfuge or 
something like that, sorry, can't find a link...) which lets you run any 
Linux process with bits of Python code intercepting and changing or barring 
system calls on the fly.  That could be used to prototype a much more general 
Linux security framework, and one that could be used for more projects than 
just WINE.

cheers,

-- 
Matthew Bloch         Bytemark Computer Consulting Limited
                                http://www.bytemark.co.uk/
                                  tel. +44 (0) 8707 455026

More information about the wine-devel mailing list