wineboot: Start items in StartUp folder on boot, includes security measures.

Koshelev, Misha Vladislavo mk144210 at bcm.tmc.edu
Sun Feb 11 16:33:00 CST 2007


Well, that is what I thought too, I sent out another patch that does not have these anti-security measures,
but there were a lot of responses about them being necessary and someone marked the bug report as WILLNOTFIX.
Anyhow, both patches have been sent to wine-patches and also are available in the bug report #7384, so
I think Alexandre can choose one or the other. Anyone have any comments about the IShellFolder code or just
want to check it over and give me a yay or nay? It works for me, but I just wanted to check with an expert.

Misha

-----Original Message-----
From: James Hawkins [mailto:truiken at gmail.com]
Sent: Sun 2/11/2007 4:09 PM
To: wine-devel at winehq.org
Cc: Koshelev, Misha Vladislavo
Subject: Re: wineboot: Start items in StartUp folder on boot, includes security measures.
 
On 2/11/07, Misha Koshelev <mk144210 at bcm.tmc.edu> wrote:
> Ok, thanks to everybody's responses on the wine-devel list. Here is my
> new version of this patch. It starts the items in the StartUp folder
> like Windows does (again, if anybody who knows about IShellFolder will
> look over my code that would be great :) I tested it and it works for
> the Vector NTI installer, but I would really like to have an expert's
> opinion on whether it is missing something). There were a lot of
> comments on wine-devel about malware using this system to start itself
> so here is what I added:
>
> - When wineboot finds a file that it wants to start in the StartUp
> folder, it asks the user whether he wants to run the program. His
> options are: Always, Yes, No (default), and Never.
> - If he selects Yes the program is run, if he selects No it is not.
> - If he selects Always or Never, I create a registry key in:
> HKEY_CURRENT_USER\Software\Wine\StartupItems with the full pathname
> of the program and the value "always" or "never." When wineboot sees
> this program in the StartUp folder it checks this key, and if it is
> set it performs the appropriate action.
>
> To me it seems like this would be enough to prevent malware from using
> this system because the user could just click no or never. Also, someone
> pointed out that wineboot already runs quite a lot of other RUN registry
> keys that can be used for malware, and currently there is no system for
> these keys like the one I made for startup. Any comments will be
> appreciated. Thanks.
>

These anti-malware changes are unnecessary.  We implement Wine to be
bug-for-bug compatible with Windows.  Windows doesn't ask this
question, and Wine shouldn't either.  It's not our policy to not
implement portions of Windows that make it easier for malware to run.

-- 
James Hawkins
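
The prompt-and-remember procedure described in the quoted message, as an added example that is not part of this thread or of either patch. The function and type names are hypothetical, an in-memory table stands in for the HKEY_CURRENT_USER\Software\Wine\StartupItems key, and the prompt is a constructed stub:

```c
#include <stdio.h>
#include <string.h>

/* Added sketch: an in-memory table stands in for the values under
 * HKEY_CURRENT_USER\Software\Wine\StartupItems (full pathname -> "always"/"never"). */
enum answer { ANS_ALWAYS, ANS_YES, ANS_NO, ANS_NEVER };
struct decision { char path[260]; char value[8]; };
static struct decision store[16];
static int n_stored;

static const char *lookup(const char *path) {
    for (int i = 0; i < n_stored; i++)
        if (strcmp(store[i].path, path) == 0) return store[i].value;
    return NULL;
}

static void remember(const char *path, const char *value) {
    if (n_stored == 16 || strlen(path) >= sizeof store[0].path) return; /* never truncate a key */
    strcpy(store[n_stored].path, path);
    strcpy(store[n_stored].value, value);
    n_stored++;
}

/* Returns 1 when the item should be started. A stored decision is applied
 * without prompting; with no prompt available the default answer is No. */
int should_start(const char *path, enum answer (*ask)(const char *)) {
    const char *v = lookup(path);
    if (v) return strcmp(v, "always") == 0;
    enum answer a = ask ? ask(path) : ANS_NO;
    if (a == ANS_ALWAYS) remember(path, "always");
    if (a == ANS_NEVER) remember(path, "never");
    return a == ANS_ALWAYS || a == ANS_YES;
}

/* Constructed prompt stub: returns a preset answer and counts how often it is asked. */
static enum answer next_answer = ANS_NO;
static int prompts;
static enum answer stub_prompt(const char *path) { (void)path; prompts++; return next_answer; }

int main(void) {
    const char *item = "C:\\users\\test\\Start Menu\\Programs\\StartUp\\setup.exe"; /* constructed path */
    next_answer = ANS_NEVER;
    should_start(item, stub_prompt);            /* user is asked once, picks Never */
    next_answer = ANS_ALWAYS;
    printf("start=%d prompts=%d\n", should_start(item, stub_prompt), prompts);
    return 0;
}
```

Only Always and Never are persisted, so a Yes or No answer leads to the same prompt on the next boot, and a stored decision follows the pathname rather than the file's contents.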
