Wine securityflaw.

Greg Turner gmturner007 at
Sun Oct 27 01:23:25 CST 2002

On Saturday 26 October 2002 11:43 pm, Francois Gouget wrote:
> On Sat, 26 Oct 2002, Greg Turner wrote:
> > That is, wine "emulates" an OS with no security measures at the
> > filesystem level, no security policy regarding what API's can be called
> > (except as provided by the CPU itself), and so on.
> I agree that there is a problem of perception so I will quickly clarify
> the above sentence, lest it be mis-interpreted and contribute to that
> perception problem.
> When reading 'wine "emulates" an OS with no security measures at the
> filesystem level' I think most people will think that Windows
> applications running under Wine can read and modify any file on the Unix
> system, including system files and files not belonging to the user
> running the application. This is of course not the case!

good call. thanks for that clarification.

> (however I will quickly point out that the NT security model suffers
> from a serious design flaw which lets processes escalate privileges in a
> way which is currently simply impossible in Wine, for more details see

seen this one, too.  interesting article; there's an even more interesting
follow up at  If were
very careful to do everything "just like windows" I think we could
reproduce these flaws in a year or two :)

At, the author (who calls
himself "Foon") boasts "Able to program in 23 languages on 14 platforms,
Foon takes an average of 3 days to learn a new programming language."
... That means he's spent exactly 69 days learning programming languages
en toto.

> AFAIK the Win32 API (unlike the Unix API, see chroot) does not make it
> possible to prevent a process from accessing or modifying files
> belonging to the current user.

This is another argument for a permissions mapping scheme instead of
direct translation of Unix permissions to wine permissions, as I see it.  Of
course, this leads us back to the Wine Is Not an Emulator "problem" as
previously discussed... so I guess I'm going in mental circles and, in a sense,
contradicting myself...  time to shut up and get back to work on RPC :)


"The purpose of government is to rein in the rights of the people"
 --President Bill Clinton, MTV interview, 1993

More information about the wine-devel mailing list