Paul,<br><br>Basically, yes, I don't know what the exploit is (there's no magic in there: the possibility of an exploit is enough to justify action). But I don't ask for an API breakage; I propose that wine support two modes: one with API misuse checks and one with strictly the same behaviour as Windows.<br>
<br>This leaves the choice to users to use wine on the safe side or on the less safe side.<br><br>As I already answered to Marcus, I will go for some reflection/documentation on the subject,<br>Guillaume<br><br><div class="gmail_quote">
2009/2/1 Paul TBBle Hampson <span dir="ltr"><<a href="mailto:Paul.Hampson@pobox.com">Paul.Hampson@pobox.com</a>></span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">On Sun, Feb 01, 2009 at 10:41:25AM +0100, Guillaume SH wrote:<br>
</div><div class="Ih2E3d">> Imagine an ill-intentioned person; call them the attacker. By means of<br>
> simply creating the following C application (based on the classic "Hello<br>
> world"):<br>
<br>
> #include <stdlib.h><br>
> #include <windows.h><br>
<br>
> int main (int argc, char * argv[])<br>
> {<br>
> /* printf ( "Hello world!" ); */<br>
> /* NULL pointers passed where Windows expects valid ones: crashes under wine */<br>
> GetOverlappedResult(0, NULL, NULL, FALSE);<br>
<br>
> return EXIT_SUCCESS;<br>
> }<br>
<br>
> Running this application on wine, I get my crash, with the<br>
> possibility of an exploit.<br>
<br>
</div>A crash isn't magically a possibility of an exploit. Certain types of<br>
crashes (e.g. user-supplied buffer overruns that hammer the return<br>
address on the stack) are vectors for security issues. Dereferencing a<br>
NULL isn't, off the top of my head.<br>
<br>
A better exploit than GetOverlappedResult(0, NULL, NULL, FALSE) at that<br>
point is prolly to just do whatever your exploit's payload was going to<br>
be.<br>
<div class="Ih2E3d"><br>
> I won't describe in detail the way to perform the exploit as:<br>
> 1 - I don't know how to proceed and I don't want to<br>
> 2 - It would show a poor sense of responsibility<br>
<br>
</div>So you don't actually know what the exploit is you're trying to get us<br>
to break from the Win32 API to avoid, and you specifically refuse to<br>
describe it further?<br>
<font color="#888888"><br>
--<br>
</font><div><div></div><div class="Wj3C7c">-----------------------------------------------------------<br>
Paul "TBBle" Hampson, B.Sc, LPI, MCSE<br>
Very-later-year Asian Studies student, ANU<br>
The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361)<br>
Paul.Hampson@Pobox.com<br>
<br>
Of course Pacman didn't influence us as kids. If it did,<br>
we'd be running around in darkened rooms, popping pills and<br>
listening to repetitive music.<br>
-- Kristian Wilson, Nintendo, Inc, 1989<br>
<br>
License: <a href="http://creativecommons.org/licenses/by/2.5/au/" target="_blank">http://creativecommons.org/licenses/by/2.5/au/</a><br>
-----------------------------------------------------------<br>
</div></div><br><br>
<br></blockquote></div><br>
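The "two modes" idea in the reply above (API misuse checks on the safe side, Windows-identical behaviour on the other) can be sketched as a mode flag in front of the unchecked implementation. The following is an added illustration written for this thread, not wine's code: the HANDLE/DWORD/OVERLAPPED definitions are minimal stand-ins for the real Win32 types, the function and flag names are hypothetical, and only the two error code values (ERROR_INVALID_HANDLE = 6, ERROR_INVALID_PARAMETER = 87) are taken from Win32.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Minimal stand-ins for the Win32 types involved (constructed for this
   example; not taken from windows.h or from wine). */
typedef void *HANDLE;
typedef unsigned long DWORD;
typedef struct {
    DWORD Internal;
    DWORD InternalHigh;   /* bytes transferred, once the I/O completes */
    DWORD Offset;
    DWORD OffsetHigh;
    HANDLE hEvent;
} OVERLAPPED;

enum { ERROR_SUCCESS = 0, ERROR_INVALID_HANDLE = 6, ERROR_INVALID_PARAMETER = 87 };

static DWORD last_error = ERROR_SUCCESS;
static bool api_misuse_checks = false;   /* hypothetical mode switch */

DWORD get_last_error(void) { return last_error; }
void set_api_misuse_checks(bool on) { api_misuse_checks = on; }

/* "Windows mode": trust the caller exactly as Windows does. A NULL
   overlapped or result pointer is dereferenced and the process faults,
   which is the crash described in the thread (a fault, not control). */
static bool get_overlapped_result_unchecked(HANDLE file, OVERLAPPED *ov,
                                            DWORD *transferred, bool wait)
{
    (void)file;
    (void)wait;
    *transferred = ov->InternalHigh;
    last_error = ERROR_SUCCESS;
    return true;
}

/* Entry point: in "checked mode" argument misuse is reported through the
   error code instead of reaching the dereference; otherwise behaviour is
   strictly the unchecked path. */
bool get_overlapped_result(HANDLE file, OVERLAPPED *ov, DWORD *transferred, bool wait)
{
    if (api_misuse_checks) {
        if (file == NULL) {
            last_error = ERROR_INVALID_HANDLE;
            return false;
        }
        if (ov == NULL || transferred == NULL) {
            last_error = ERROR_INVALID_PARAMETER;
            return false;
        }
    }
    return get_overlapped_result_unchecked(file, ov, transferred, wait);
}

int main(void)
{
    /* Safe side: the call from the thread's example fails cleanly. */
    set_api_misuse_checks(true);
    bool ok = get_overlapped_result(NULL, NULL, NULL, false);
    printf("checked mode: ok=%d last_error=%lu\n", ok, get_last_error());

    /* Less safe side with valid arguments: identical result to Windows. */
    set_api_misuse_checks(false);
    int dummy_handle;
    OVERLAPPED ov = {0};
    ov.InternalHigh = 16;
    DWORD n = 0;
    ok = get_overlapped_result(&dummy_handle, &ov, &n, false);
    printf("windows mode: ok=%d transferred=%lu\n", ok, n);
    return 0;
}
```

The point of keeping the checks in a separate front end is that the Windows-compatible path stays byte-for-byte the same, so applications relying on exact Windows behaviour are unaffected unless the user opts into the checked mode.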