Malware on Wine review

Ben Klein shacklein at gmail.com
Tue Feb 24 19:51:59 CST 2009


2009/2/25 Chris Robinson <chris.kcat at gmail.com>:
> On Tuesday 24 February 2009 4:54:26 pm Ben Klein wrote:
>> "Unsolicited" files will get +x with default mount options on vfat/fat
>> partitions, because ALL files on such partitions get +x this way.
>
> You have to mount a partition to get access to its files. A partition normally
> doesn't mount itself, unless you had previously set it up to do so. As such,
> you're actively trying to get the files.. they aren't just given to you
> without warning.
>
>> I would at least like to see Wine respect noexec, if possible. I
>> understand concerns about Wine respecting +x, due mainly to CD-based
>> installers that may or may not have +x set on the files, but I think
>> it would also be the *correct* thing to do.
>
> The (no)exec mount options are for specifying whether the executable bit is
> masked out or not. Filesystems like NTFS/FAT/ISO9660 do not have an executable
> bit (a shortcoming on their part), so it's always assumed to be on; the
> (no)exec options, in turn, control whether or not the bit gets filtered
> out (ie. it determines whether the files get +x or not). To honor 'noexec'
> means Wine should honor +x.

Not correct. I've tested with vfat and ext2 filesystems, with noexec,
and the files are still marked +x. As it turns out, noexec doesn't
filter +x, just prevents shell/ld.so/kernel from loading the program.
Wine is an indirect method of loading a program in comparison.

An interesting point, assuming that /mnt/test is mounted noexec:
$ /mnt/test/test.sh
bash: /mnt/test/test.sh: /bin/sh: bad interpreter: Permission denied

$ sh /mnt/test/test.sh
Script runs

So maybe this is a matter of semantics: is Wine an executable handler
(note binfmt-misc) or an executable interpreter? Should the Windows
application, when passed as an argument to Wine, behave as if it's
been called directly, or should it behave as if the executable has
been passed to an interpreter (i.e., interpreter reads and processes
the file as opposed to executing it directly)?

> If a user is trying to execute a program on a CD that's not +x, they mounted
> it wrong (or the CD was made wrong). I mean, assume it was a Linux program
> they were trying to run on a CD instead of a Windows one. If the file doesn't
> have +x, it won't run. There's no reason a Windows program executed with Wine
> should act differently than a Linux program executed directly.

I agree with this entirely :D



More information about the wine-devel mailing list
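
The thread's observation that noexec leaves the +x mode bits in place and only blocks direct execution means a loader that wants to honor both has to check the mount flag separately from the file mode. The following is an added example, not code from this thread or from Wine; the names exec_policy, exec_policy_for_path and the verdict enum are hypothetical, and treating "any x bit set" as executable is a simplifying assumption.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* glibc exposes ST_NOEXEC only with this */
#endif
#include <stdio.h>
#include <sys/stat.h>
#include <sys/statvfs.h>

#ifndef ST_NOEXEC
#define ST_NOEXEC 8            /* Linux value, used if the header hid it */
#endif

enum exec_verdict { EXEC_OK, EXEC_NOT_REGULAR, EXEC_NO_X_BIT,
                    EXEC_NOEXEC_MOUNT, EXEC_ERROR };

/* Pure policy: mode comes from stat(2), fs_flags from statvfs(3) f_flag. */
enum exec_verdict exec_policy(mode_t mode, unsigned long fs_flags)
{
    if (!S_ISREG(mode))
        return EXEC_NOT_REGULAR;
    /* noexec does not clear the mode bits, so test the mount flag itself. */
    if (fs_flags & ST_NOEXEC)
        return EXEC_NOEXEC_MOUNT;
    /* Simplification: any x bit counts; a real check would match the caller. */
    if (!(mode & (S_IXUSR | S_IXGRP | S_IXOTH)))
        return EXEC_NO_X_BIT;
    return EXEC_OK;
}

/* Gather both inputs for a path and apply the policy. */
enum exec_verdict exec_policy_for_path(const char *path)
{
    struct stat st;
    struct statvfs vfs;
    if (stat(path, &st) != 0 || statvfs(path, &vfs) != 0)
        return EXEC_ERROR;
    return exec_policy(st.st_mode, vfs.f_flag);
}

int main(int argc, char **argv)
{
    static const char *names[] = { "ok", "not a regular file", "no +x bit",
                                   "noexec mount", "stat error" };
    for (int i = 1; i < argc; i++)
        printf("%s: %s\n", argv[i], names[exec_policy_for_path(argv[i])]);
    return 0;
}
```

Run against a file on a vfat mount with noexec, this reports "noexec mount" even though ls shows the file as +x, which is the case described in the message above.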