Adding binfmt configuration to official Wine packages
Jens Reyer
jre.winesim at gmail.com
Mon Aug 22 11:08:41 CDT 2016
On 22.08.2016 17:52, Bruno Jesus wrote:
> On Mon, Aug 22, 2016 at 11:57 AM, Rosanne DiMesio <dimesio at earthlink.net> wrote:
>> On Mon, 22 Aug 2016 15:28:39 +0200
>> Jens Reyer <jre.winesim at gmail.com> wrote:
>>
>>>>
>>>> What are the security implications? Won't this make it easier for malware to execute without being Wine-aware, or am I just being paranoid?
>>>
>>> We don't enable binfmt in Debian for exactly this reason (see
>>> https://bugs.debian.org/819255). So I'd also be interested in other
>>> opinions.
>
> Hi, I don't understand the security implications yet. If I download a
> malware and run it like ./malware.exe or wine malware.exe what is the
> difference?
Whether you can accidentally do it manually?
And if something else is able to start the exe?
> Also in a file manager double clicking exe run wine
> correctly, why isn't this a security problem?
AFAIK for this you also need the desktop files (which afaik are packaged
by winehq). I think desktop files need to be considered at the same time
as binfmt support for their security implications.
> What is a real example
> of a malware that benefits from this?
Having that would indeed help, I'm not really sure about this myself.
Greets
jre
More information about the wine-devel
mailing list