wineserver socket file and DOS attacks
Maarten Lankhorst
m.b.lankhorst at gmail.com
Wed Apr 30 13:45:15 CDT 2008
Hello Steven,
2008/4/30 Steven Elliott <selliott4 at austin.rr.com>:
> I have some concerns about the location of the socket file that
> wineserver uses. Since by default the current location is in /tmp my
> concern is that anyone can stop anyone else from using wine just by
> creating a directory named /tmp/.wine-500.
>
> As far as I know the only risk is denial of service in nature since wine
> seems to be smart enough to make sure the /tmp/.wine-500 is owned by the
> user invoking the wine application:
> > notepad
> wineserver: /tmp/.wine-500 is not owned by you
>
> Previously the socket file was under ~/.wine. I found this which
> briefly documents the change here:
> http://www.winehq.org/site/docs/winedev-guide/x2584
> under section "7.3.2. The Wine server" it says:
>
> "In earlier versions of Wine the master socket mentioned above was
> actually created in the configuration directory; either your home
> directory's /wine subdirectory or wherever the WINEPREFIX environment
> variable points. Since that might not be possible the socket is actually
> created within the /tmp directory with a name that reflects the
> configuration directory."
>
> /tmp/.wine-<user Id> is hard coded in libs/wine/config.c, so that aspect
> of the socket file location is not configurable.
>
> Anyway, have alternatives such as the following been considered?:
>
> 1) Create the socket file in ~/.wine (or wherever WINEPREFIX points)
> like wine used to if the user's home directory exists and is writable.
> Use /tmp/.wine-<user Id> as a fallback.
>
> 2) Append some additional integer to /tmp/.wine-<user Id> that is
> incremented if that directory already exists and is owned by someone
> else. For example, if /tmp/.wine-500 already exists for user 500 but
> is owned by someone else then both wineserver and the wine application
> would append "-1" and then keep incrementing:
> /tmp/.wine-500
> /tmp/.wine-500-1
> /tmp/.wine-500-2
The latter won't work, they could create the directory and then delete
it after wineserver started. I don't think it is really a problem, by
the time someone else can put that directory in /tmp chances are that
they can do a lot more malicious things then just making Wine refuse
to run.
Cheers,
Maarten.
More information about the wine-devel
mailing list