[Bug 49024] New: Malicious software able to alter, infect and/or destroy personal files
WineHQ Bugzilla
wine-bugs at winehq.org
Sun Apr 26 07:15:55 CDT 2020
https://bugs.winehq.org/show_bug.cgi?id=49024
Bug ID: 49024
Summary: Malicious software able to alter, infect and/or
destroy personal files
Product: Wine
Version: unspecified
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: major
Priority: P2
Component: -unknown
Assignee: wine-bugs at winehq.org
Reporter: youtube at marcus-s.de
Distribution: ---
Hello,
I might have discovered an issue with the current state of Wine execution of
Windows programs. While Wine does run pretty well for what I need it, I have
been pointed in the direction that it is also possible to execute malicious
software to the same effect it has on Windows.
Namely did I perform a test with the "WannaCry" ransomware on a non-live test
bed - and have found that not only does it encrypt and destroy files in one's
home folder (if standard Wine symlinks are kept in place), but also I found
that files that lie outside of the Wine prefix are affected. For me, files in
/tmp and a complete custom folder residing on the root level were also
affected.
I find this to be quite a security issue when Wine is also able to perform
destructive code without any limitations.
Steps to reproduce:
- Install current version of Wine
- Acquire a WannaCry (or other Virus) binary
- Execute the binary
- Observe results
Expected result:
- Security measure that prevents access to files and folders outside the Wine
prefix unless specifically specified by user through Winecfg.
Thanks,
Marcus
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list