Malware on Wine review

Scott Ritchie scott at open-vote.org
Tue Feb 24 20:07:08 CST 2009


Dan Kegel wrote:
> On Mon, Feb 23, 2009 at 4:00 PM, Ben Klein <shacklein at gmail.com> wrote:
>>>>> http://www.avertlabs.com/research/blog/index.php/2009/02/23/running-windows-malware-in-linux/
>>>>>
>>>>> "Do not set the file association for Windows executables with Wine.
>>>>> This would enable running Windows executables in Wine by simply double
>>>>> clicking them."
>>> Yes, exactly.  The default should be off, and it should be easy to
>>> turn on.
>> And if we're willing to deal with an influx of users complaining why
>> it doesn't work like that any more, we should do it. We'd probably
>> also have to get all the package maintainers on board though.
> 
> Yes, this will require a modicum of consensus.  We might decide
> to stay unsafe, or we might decide to make the bindings be in
> a separate package, so it's easier for admins to flip the switch.
> 
>> My packaging process doesn't do anything that explicitly associates
>> Wine with exes, but I just tried opening an exe from Thunar and it ran
>> ... interesting. Debian, 1.1.15
> 
> Yep.
> - Dan
> 
> 

When I brought this up at the Ubuntu Developer Summit a while back, the
security-conscious there wanted to check an executable for the execute
bit before launching it with Wine.  Then, the user would be prompted if
they wanted to run it, and if yes the execute bit would be set and the
program launched.

This check would be skipped if you clicked a link on the start menu
(since you obviously meant to launch a program then).

That said, there's no point becoming "safe" until the desktop also
disables single-click running of .desktop files that don't have the
execute bit set.  It's trivial to write a piece of Linux malware that
does whatever you want by making it a .desktop file - you can even make
it so it displays as whatever name you like (and not foo.desktop).

Thanks,
Scott Ritchie
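
The execute-bit check described in the message above, sketched as a wrapper that a file association could call instead of calling wine directly. This is an added example, not part of the original post and not code from Wine or any distribution's packaging; the function names, the `LAUNCHER` and `ASK` variables, and the `menu`/`file` origin argument are assumptions.

```shell
#!/bin/sh
# Hypothetical gate in front of Wine: unmarked files need an explicit "yes".

LAUNCHER=${LAUNCHER:-wine}   # command that finally runs the program
ASK=${ASK:-ask_tty}          # command that asks the user; exit 0 means "yes"

# Default prompt on the terminal; a desktop would swap in a dialog here.
ask_tty() {
    printf 'Run "%s" with Wine? It is not marked executable. [y/N] ' "$1" >&2
    read -r reply
    [ "$reply" = "y" ] || [ "$reply" = "Y" ]
}

# Prints the decision for FILE opened from ORIGIN ("menu" or "file"):
#   launch = run without asking
#   prompt = ask the user first
#   reject = not a regular file, never handed to the launcher
decide_action() {
    if [ ! -f "$1" ]; then
        echo reject
    elif [ "$2" = "menu" ] || [ -x "$1" ]; then
        # Start-menu entries skip the check; so do files already marked.
        echo launch
    else
        echo prompt
    fi
}

# Applies the decision. Returns the launcher's status, or 1 if nothing ran.
gated_launch() {
    case $(decide_action "$1" "$2") in
        launch)
            "$LAUNCHER" "$1" ;;
        prompt)
            "$ASK" "$1" || return 1      # declined: mode bits stay untouched
            chmod u+x "$1" || return 1   # consent is recorded as the execute bit
            "$LAUNCHER" "$1" ;;
        *)
            return 1 ;;
    esac
}

# Usage (assumed calling convention): gated_launch /path/to/setup.exe file
```

Because consent is stored in the mode bits, a file that arrives with the execute bit already set (for example, unpacked from an archive that preserves permissions) passes the gate without a prompt.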


