[Bug 40274] New: insecure use of /tmp
wine-bugs at winehq.org
wine-bugs at winehq.org
Thu Mar 10 13:12:35 CST 2016
https://bugs.winehq.org/show_bug.cgi?id=40274
Bug ID: 40274
Summary: insecure use of /tmp
Product: Wine
Version: 1.9.4
Hardware: x86
URL: https://bugs.debian.org/816034
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs at winehq.org
Reporter: jre.winesim at gmail.com
Distribution: ---
Hi,
https://bugs.debian.org/816034:
"wine uses /tmp/.wine-$UID as a directory for sockets and lock files.
This is insecure. Malicious local user could create /tmp/.wine-$UID for
another user's uid, preventing the other user from using wine.
Moreover, the server_connect() function doesn't check if /tmp/.wine-$UID
or its subdirectories are symlinks, so in some circumstances it might be
possible to trick wine to connect to an unrelated socket."
I'm not sure how to handle this best. I guess at least a link check should be
implemented.
Further if I read dlls/ntdll/server.c correctly the wineserver refuses to setup
the configuration dir if /tmp/.wine-$UID is owned by someone else. But I'm not
sure if this prevents using an already existing /tmp/.wine-$UID owned by
someone else.
Greets
jre
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list