[Bug 25537] New: Wine allows access to / regardless configured ~/.wine/dosdevices
wine-bugs at winehq.org
wine-bugs at winehq.org
Thu Dec 16 14:37:51 CST 2010
http://bugs.winehq.org/show_bug.cgi?id=25537
Summary: Wine allows access to / regardless configured
~/.wine/dosdevices
Product: Wine
Version: 1.3.9
Platform: All
OS/Version: other
Status: UNCONFIRMED
Severity: critical
Priority: P2
Component: wineserver
AssignedTo: wine-bugs at winehq.org
ReportedBy: t.artem at mailcity.com
Probably since 1.3.8 or 1.3.9 any Windows application can open
(read/write/list/erase) any files in / (root) regardless user defined disk
devices (under ~/.wine/dosdevices).
It's a huge security issue, because in the past you could erase z: -> /
symbolic link and safely run any software (including malware).
This security measure has been removed without any explanations how to harden
your Wine PREFIX.
--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the wine-bugs
mailing list