Wine security flaw.
Matthew Bloch
matthew at bytemark.co.uk
Sun Oct 27 07:00:14 CST 2002

On Sunday 27 October 2002 11:37, Peter Andersson wrote:
> What is it with you people?
> I was just trying to make a point about the security risks about using wine
> at present. And you start flaming me?

I don't see any flames, just strong criticism of your idea for which you may
not have thought all the issues through. WINE is not a sandbox as Alexandre
pointed out, because writing a sandbox for any system is hard work: as proof
look at the complexity of Valgrind, a program which emulates an x86-Linux
system on top of another x86-Linux system for diagnostic purposes. Think how
much harder it is to write the same kind of code for an OS when you've not
got the same OS under your feet; it would be a slow-performing monster of a
program.

Given that WINE is not a sandbox, simplistically it's a translator of system
calls & binary formats, the risks of running a WINE-based program are exactly
the same risks you run with any unknown binary code, so any checks on sanity
of syscalls are better done in the kernel or general-purpose executable
wrapper than in WINE specifically.

I started a conceptually similar emulator project to WINE a while ago for
another OS (riscose.sf.net): a program to run RISC OS binaries on Unix. The
issues are the same: just because malicious code comes from an unfamiliar OS
doesn't make its destructive capabilities any different from native code, so
if you're looking to tighten security of WINE programs, look to the same
methods you'd use to tighten security of *any* unknown program: run it as a
different user, run it in a Usermode Linux instance (user-mode-linux.sf.net),
use kernel patches to restrict its use of system calls. But WINE shouldn't
be bothered with any of this.

If you're interested in playing with this kind of work, I know someone has
written a Python-based framework (called Subversion or Subterfuge or
something like that, sorry, can't find a link...) which lets you run any
Linux process with bits of Python code intercepting and changing or barring
system calls on the fly. That could be used to prototype a much more general
Linux security framework, and one that could be used for more projects than
just WINE.

cheers,
--
Matthew Bloch Bytemark Computer Consulting Limited
http://www.bytemark.co.uk/
tel. +44 (0) 8707 455026
More information about the wine-devel mailing list
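
The "general-purpose executable wrapper" and "run it as a different user" ideas from the message above, as an added example that is not part of the original post or of WINE: a launcher that applies resource limits, strips the environment, and drops to another account before exec. The limit values, the allow-listed variables, the script name `confine.py` and the function names are assumptions chosen for illustration.

```python
import os
import pwd
import resource
import subprocess
import sys

# Constructed defaults for illustration; tune per program.
LIMITS = {
    resource.RLIMIT_CPU: 30,             # seconds of CPU time
    resource.RLIMIT_NOFILE: 64,          # open file descriptors
    resource.RLIMIT_CORE: 0,             # no core dumps
    resource.RLIMIT_FSIZE: 16 * 2**20,   # largest file it may write, bytes
}
SAFE_ENV_KEYS = ("PATH", "LANG", "TERM")  # allow-list, everything else dropped


def scrubbed_env(home):
    """Pass only allow-listed variables, so tokens in the caller's env stay behind."""
    env = {k: os.environ[k] for k in SAFE_ENV_KEYS if k in os.environ}
    env["HOME"] = home
    return env


def _confine(uid, gid):
    """Runs in the child after fork() and before exec()."""
    os.umask(0o077)
    for res, value in LIMITS.items():
        hard = resource.getrlimit(res)[1]
        if hard != resource.RLIM_INFINITY:
            value = min(value, hard)     # an unprivileged caller cannot raise limits
        resource.setrlimit(res, (value, value))
    if uid is not None:                  # needs root; skipped otherwise
        os.setgroups([])                 # drop supplementary groups first
        os.setgid(gid)
        os.setuid(uid)                   # last, and irreversible


def run_confined(argv, home, uid=None, gid=None):
    """Run argv in a new session with limits applied and, optionally, as another user."""
    return subprocess.run(
        argv, env=scrubbed_env(home), cwd=home, stdin=subprocess.DEVNULL,
        capture_output=True, text=True, start_new_session=True,
        preexec_fn=lambda: _confine(uid, gid))


if __name__ == "__main__":
    # As root: confine.py ACCOUNT COMMAND [ARGS...], e.g. a dedicated account and "wine app.exe"
    acct = pwd.getpwnam(sys.argv[1])
    result = run_confined(sys.argv[2:], acct.pw_dir, acct.pw_uid, acct.pw_gid)
    sys.stdout.write(result.stdout)
    sys.exit(result.returncode)
```

Nothing here is specific to WINE: the same wrapper applies to any unknown binary, and it limits damage through ordinary account permissions and kernel-enforced limits rather than by inspecting individual system calls.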