A basic implementation for increased security in wine proposal

Paul TBBle Hampson Paul.Hampson at Pobox.com
Sun Feb 1 05:00:01 CST 2009


On Sun, Feb 01, 2009 at 10:41:25AM +0100, Guillaume SH wrote:
> Imagine ill-intentioned people, call them the attackers. By means of
> simply creating the following C application (based on the classic "Hello
> world"):

> #include <stdlib.h>   /* EXIT_SUCCESS */
> #include <windows.h>  /* GetOverlappedResult, FALSE */
>
> int main (int argc, char * argv[])
> {
>     /* printf ( "Hello world!" ); */
>     GetOverlappedResult(0, NULL, NULL, FALSE);
>
>     return EXIT_SUCCESS;
> }
>
> Running this application on wine, I get to have my crash, with the
> possibility of an exploit.

A crash isn't magically a possibility of an exploit. Certain types of
crashes (e.g. user-supplied buffer overruns that hammer the return
address on the stack) are vectors for security issues. Dereferencing a
NULL isn't, off the top of my head.

A better exploit than GetOverlappedResult(0, NULL, NULL, FALSE) at that
point is prolly to just do whatever your exploit's payload was going to
be.

> I won't describe in detail the way to perform the exploit, as:
>       1 - I don't know how to proceed and I don't want to
>       2 - It would show a poor sense of responsibility

So you don't actually know what the exploit is you're trying to get us
to break from the Win32 API to avoid, and you specifically refuse to
describe it further?

-- 
-----------------------------------------------------------
Paul "TBBle" Hampson, B.Sc, LPI, MCSE
Very-later-year Asian Studies student, ANU
The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361)
Paul.Hampson at Pobox.com

Of course Pacman didn't influence us as kids. If it did,
we'd be running around in darkened rooms, popping pills and
listening to repetitive music.
 -- Kristian Wilson, Nintendo, Inc, 1989

License: http://creativecommons.org/licenses/by/2.5/au/
-----------------------------------------------------------
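
The distinction drawn in the reply above, between a NULL dereference and a crash that corrupts control data such as a return address, can be written down as a crash-triage heuristic. This is an added example, not part of the original thread or of Wine; the record fields, the 64 KiB guard threshold and the sample records are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical crash record; field names are assumptions, not a real tool's format. */
enum access_kind { ACCESS_READ, ACCESS_WRITE, ACCESS_EXEC };
enum triage { LIKELY_DOS_ONLY, NEEDS_REVIEW, LIKELY_EXPLOITABLE };

struct crash_record {
    uint64_t fault_addr;      /* address whose access faulted */
    enum access_kind access;  /* what the CPU was doing at that address */
    int addr_from_input;      /* analyst finding: address derived from untrusted data */
};

/* Assumption: nothing is mapped in the first 64 KiB of the address space. */
#define NULL_GUARD_LIMIT 0x10000u

enum triage triage_crash(const struct crash_record *c)
{
    int near_null = c->fault_addr < NULL_GUARD_LIMIT;

    if (c->access == ACCESS_EXEC)   /* faulted fetching code: control flow already diverted */
        return near_null ? NEEDS_REVIEW : LIKELY_EXPLOITABLE;
    if (near_null)                  /* plain NULL dereference: the process just dies */
        return c->addr_from_input ? NEEDS_REVIEW : LIKELY_DOS_ONLY;
    if (c->access == ACCESS_WRITE)  /* wild write: memory corruption */
        return c->addr_from_input ? LIKELY_EXPLOITABLE : NEEDS_REVIEW;
    return NEEDS_REVIEW;            /* wild read: possible leak, needs a human look */
}

static const char *triage_name(enum triage t)
{
    static const char *names[] = { "likely DoS only", "needs review", "likely exploitable" };
    return names[t];
}

/* Constructed sample records, not captured from any real crash. */
static const struct crash_record samples[] = {
    { 0x0,        ACCESS_READ,  0 },  /* NULL passed where a pointer is dereferenced */
    { 0x41414141, ACCESS_EXEC,  1 },  /* return address overwritten by a buffer overrun */
    { 0x7ffe1000, ACCESS_WRITE, 1 },  /* write through an input-derived pointer */
    { 0x8,        ACCESS_WRITE, 0 },  /* field write through a NULL struct pointer */
};

int main(void)
{
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("fault at 0x%llx: %s\n",
               (unsigned long long)samples[i].fault_addr,
               triage_name(triage_crash(&samples[i])));
    return 0;
}
```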