A basic implementation for increased security in wine proposal

Guillaume SH gsh.debianlists at gmail.com
Sun Feb 1 06:23:49 CST 2009


Paul,

Basically, yes, I don't know what the exploit is (there's no magic in there:
the possibility of an exploit is enough to justify action). But I don't ask for
an API breakage; I propose that wine support two modes: one with API misuse
checks and one with strictly the same behaviour as Windows.

This leaves users the choice to use wine on the safe side or on the less
safe side.

As I already answered Marcus, I will go for some reflection/documentation
on the subject,
Guillaume

2009/2/1 Paul TBBle Hampson <Paul.Hampson at pobox.com>

> On Sun, Feb 01, 2009 at 10:41:25AM +0100, Guillaume SH wrote:
> > Imagine ill-intentioned people, call them the attackers. By means of
> > simply creating the following C application (based on the classical "Hello
> > world"):
>
> > #include <stdlib.h>
> > #include <windows.h>
>
> > int main (int argc, char * argv[])
> > {
> >     /* printf ( "Hello world!" ); */
> >     GetOverlappedResult(0, NULL, NULL, FALSE);
>
> >     return EXIT_SUCCESS;
> > }
>
> > Running this application on wine, I get to have my crash, with the
> > possibility of an exploit.
>
> A crash isn't magically a possibility of an exploit. Certain types of
> crashes (eg. user-supplied buffer overruns that hammer the return
> address on the stack) are vectors for security issues. Dereferencing a
> NULL isn't, off the top of my head.
>
> A better exploit than GetOverlappedResult(0, NULL, NULL, FALSE) at that
> point is prolly to just do whatever your exploit's payload was going to
> be.
>
> > I won't describe in detail the way to perform the exploit, as:
> >       1 - I don't know how to proceed and I don't want to
> >       2 - It would show a poor sense of responsibility
>
> So you don't actually know what the exploit is you're trying to get us
> to break from the Win32 API to avoid, and you specifically refuse to
> describe it further?
>
> --
> -----------------------------------------------------------
> Paul "TBBle" Hampson, B.Sc, LPI, MCSE
> Very-later-year Asian Studies student, ANU
> The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361)
> Paul.Hampson at Pobox.com
>
> Of course Pacman didn't influence us as kids. If it did,
> we'd be running around in darkened rooms, popping pills and
> listening to repetitive music.
>  -- Kristian Wilson, Nintendo, Inc, 1989
>
> License: http://creativecommons.org/licenses/by/2.5/au/
> -----------------------------------------------------------