Process for reporting security bugs?
Marcus Meissner
meissner at suse.de
Mon Aug 12 08:51:14 CDT 2013
On Mon, Aug 12, 2013 at 10:40:48PM +0900, Andrew Church wrote:
> Hi Marcus,
>
> >If it is not a high severe issue you can also just mail this mailinglist
> >here (wine-devel).
>
> Thanks for the info. As it turns out, it's an already-known issue
> (unixfs allows full host filesystem access through Windows APIs even if
> there's no equivalent dosdevices link -- reported as
> http://bugs.winehq.org/show_bug.cgi?id=22450) so I just added a comment
> onto the bug.
Depending on what attack scenario you envision, disabling unixfs is not enough.
If you want to avoid actually executed malware from accessing the UNIX fs directly,
you are out of luck as the malware could just do systemcalls itself (int 0x80 on x86
for instance).
Remember Wine is made to execute Win32 code. ;)
If you think indirectly executed unixfs shellfolder accesses, this might be blocked
by that, yes.
Ciao, Marcus
More information about the wine-devel
mailing list