[Bug 40274] New: insecure use of /tmp

wine-bugs at winehq.org wine-bugs at winehq.org
Thu Mar 10 13:12:35 CST 2016


https://bugs.winehq.org/show_bug.cgi?id=40274

            Bug ID: 40274
           Summary: insecure use of /tmp
           Product: Wine
           Version: 1.9.4
          Hardware: x86
               URL: https://bugs.debian.org/816034
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: -unknown
          Assignee: wine-bugs at winehq.org
          Reporter: jre.winesim at gmail.com
      Distribution: ---

Hi,

https://bugs.debian.org/816034:
"wine uses /tmp/.wine-$UID as a directory for sockets and lock files.
This is insecure. A malicious local user could create /tmp/.wine-$UID for
another user's uid, preventing the other user from using wine.

Moreover, the server_connect() function doesn't check if /tmp/.wine-$UID
or its subdirectories are symlinks, so in some circumstances it might be
possible to trick wine into connecting to an unrelated socket."


I'm not sure how to handle this best. I guess at least a link check should be
implemented. 

Further, if I read dlls/ntdll/server.c correctly, the wineserver refuses to set
up the configuration dir if /tmp/.wine-$UID is owned by someone else. But I'm
not sure if this prevents using an already existing /tmp/.wine-$UID owned by
someone else.

Greets
jre
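
The kind of check the report asks for, as an added example that is not part of the original message and is not Wine's code: before a per-user directory under /tmp is used, it is opened without following a symlink and its type, owner and mode are verified on the opened descriptor. The names check_private_dir and demo_case, the result codes and the scratch paths are hypothetical; O_NOFOLLOW covers only the final path component, so entries below the directory should be opened relative to the returned descriptor.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum dir_check { DIR_OK, DIR_MISSING, DIR_NOT_REAL_DIR, DIR_WRONG_OWNER, DIR_BAD_MODE };

/* Open without following a final symlink, then fstat() the opened object so the
 * thing checked is the thing used. Any open failure other than ENOENT (symlink,
 * non-directory, no access) is reported as DIR_NOT_REAL_DIR. On DIR_OK, *fd_out
 * (if given) receives a descriptor usable with openat(). */
static enum dir_check check_private_dir(const char *path, uid_t uid, int *fd_out)
{
    struct stat st;
    enum dir_check res = DIR_OK;
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd == -1) return errno == ENOENT ? DIR_MISSING : DIR_NOT_REAL_DIR;
    if (fstat(fd, &st) == -1 || !S_ISDIR(st.st_mode)) res = DIR_NOT_REAL_DIR;
    else if (st.st_uid != uid) res = DIR_WRONG_OWNER;    /* pre-created by someone else */
    else if (st.st_mode & (S_IRWXG | S_IRWXO)) res = DIR_BAD_MODE; /* open to other users */
    if (res == DIR_OK && fd_out) *fd_out = fd;
    else close(fd);
    return res;
}

/* Constructed scenarios in a scratch directory (not Wine's paths):
 * 0 = private dir, 1 = symlink to it, 2 = mode 0777, 3 = unexpected owner. */
static enum dir_check demo_case(int scenario)
{
    char base[] = "/tmp/dircheck-XXXXXX", dir[64], lnk[64];
    enum dir_check res;
    if (!mkdtemp(base)) return DIR_MISSING;
    snprintf(dir, sizeof dir, "%s/real", base);
    snprintf(lnk, sizeof lnk, "%s/link", base);
    if (mkdir(dir, 0700) || symlink(dir, lnk)) return DIR_MISSING;
    if (scenario == 2) chmod(dir, 0777);
    res = check_private_dir(scenario == 1 ? lnk : dir,
                            scenario == 3 ? getuid() + 1 : getuid(), NULL);
    unlink(lnk); rmdir(dir); rmdir(base);
    return res;
}

int main(void)
{
    for (int s = 0; s < 4; s++) printf("scenario %d -> %d\n", s, demo_case(s));
    return 0;
}
```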
