wineserver socket file and DOS attacks

Steven Elliott selliott4 at austin.rr.com
Mon May 5 23:28:19 CDT 2008 

On Mon, 2008-05-05 at 12:16 +0200, Alexandre Julliard wrote:
> Steven Elliott <selliott4 at austin.rr.com> writes:
> 
> > Maybe I'm making some bad assumptions about why the socket file can't be
> > placed in ~/.wine (that not all users have a writable home directory).
> > I'm guessing based on the snippet from my original post that includes
> > "Since that might not be possible" in reference to placing the socket
> > file under ~/.wine.
> 
> No, the real problem with putting it under the home directory is that
> many setups have the home directory on a networked file system, but the
> socket needs to be local to the machine.

Do you happen to know in what cases there are issues with socket files
and NFS directories?  With a small test program I wrote I was able to
work with a socket file on an NFS drive with both Fedora 8 and Red Hat
AS 4:
    http://selliott.org/c/socket-file.cpp
The test program just creates a socket file and listens on it in one
instance and then connects to it in another.

Maybe this works differently on non-Linux systems.

Since my assumption was wrong about home directories being read-only
then I'm curious if having a read-only WINEPREFIX directory is something
that Wine supports assuming the WINEPREFIX directory is setup initially.
As I mentioned in one of my other emails having a setup read-only
WINEPREFIX directory pretty much works other than wineserver complaining
that it can't write to the *.reg files when it exits.

If having a writeable WINEPREFIX directory is a reasonable requirement
then that suggests a solution that allows the socket file to be in /tmp
and not vulnerable to DoS attacks - something like mkdtemp() could first
securely create a unique directory in /tmp for the socket file and the
location could be stored somewhere in WINEPREFIX.  The location could be
protected with a lock file in WINEPREFIX, so I think that would be
pretty solid race condition and DoS wise.

> I don't think the DoS is a big issue, but if it is for you it's pretty
> easy to have a script create the directories for all users at boot time.

It may not be a big issue.  As Francois Gouget pointed out there seems
to be other applications with similar socket files.  So if you aren't
concerned about this I understand.  I imagine the upcoming 1.0 release
has given you plenty of things to think about.

That is a good suggestion about creating the directories on boot.
Although it's tricky to do that when the users aren't local (NIS, or
whatever) it's a good suggestion for most people.

-- 
-----------------------------------------------------------------------
|          Steven Elliott          |      selliott4 at austin.rr.com     |
-----------------------------------------------------------------------

More information about the wine-devel mailing list