wineserver socket file and DOS attacks

Ove Kaaven ovek at arcticnet.no
Wed Apr 30 14:08:37 CDT 2008


Maarten Lankhorst skrev:
> The latter won't work, they could create the directory and then delete
> it after wineserver started. I don't think it is really a problem, by
> the time someone else can put that directory in /tmp chances are that
> they can do a lot more malicious things then just making Wine refuse
> to run.

Like what? The UNIX user/permission system, including the sticky bit 
used on /tmp, is supposed to protect local users against each other, but 
this is contingent on files created in /tmp using unique names (like 
what mktemp generates). There's very little else malicious people can do 
if the system is otherwise properly set up in a secure fashion, and this 
socket-in-/tmp thing sounds like a quite legitimate concern.





More information about the wine-devel mailing list