Symlink vulnerability in winetricks
Stefan Nordhausen
nordhaus at informatik.hu-berlin.de
Tue Dec 23 11:06:43 CST 2008
Hi!
Winetricks has a symlink vulnerability; it does
(echo "$title"; echo ""; echo "$text") > /tmp/x_showmenu.txt
An attacker can exploit this by creating a symlink called
/tmp/x_showmenu.txt and have it point to some file that a winetricks
user can write (e.g. ~/Documents/important_stuff.odf). Winetricks will
then overwrite that file with its data.
To solve this, apply the following patch that simply avoids the creation
of a temporary file:
--- winetricks 2008-12-18 06:34:42.000000000 +0100
+++ winetricks 2008-12-23 18:00:17.000000000 +0100
@@ -207,8 +207,8 @@
args="$args,$1"
shift
done
- (echo "$title"; echo ""; echo "$text") > /tmp/x_showmenu.txt
- xmessage -print -file /tmp/x_showmenu.txt -buttons "Cancel,$args" |
sed 's/Cancel//'
+ (echo "$title"; echo ""; echo "$text") | \
+ xmessage -print -file - -buttons "Cancel,$args" | sed 's/Cancel//'
}
showmenu()
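Review bot: The two added lines rely on xmessage treating "-file -" as "read the text from standard input", and nothing in the function says so. A one-line comment above the pipeline stating that the text is piped in deliberately, so that no file is created under /tmp, would keep a later cleanup from reintroducing the fixed path. The backslash after the pipe on the first added line is redundant, since a line ending in "|" already continues onto the next one. The removed xmessage line also appears wrapped in this mail (its sed part sits on a line of its own without a "-"), so the hunk may not apply as sent; attaching the patch would avoid that.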
Merry Christmas
Stefan
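
The overwrite described in the message, next to two ways of writing the file safely when a temporary file really is needed, as an added example that is not part of the original post or of winetricks. It goes slightly beyond the patch, which avoids the file altogether; everything runs inside a private sandbox directory standing in for /tmp, and the function names, file names and sample text are constructed.

```shell
#!/bin/sh
# Added demo. A private sandbox directory stands in for /tmp; every
# function name, file name and sample string here is constructed.

# Pattern from the original line: redirect to a fixed, predictable path.
write_predictable() {   # $1 = directory, $2 = text
    echo "$2" > "$1/x_showmenu.txt"
}

# noclobber (set -C): the shell refuses ">" when the path already exists,
# which includes a symlink pointing at an existing file.
write_noclobber() {
    ( set -C; echo "$2" > "$1/x_showmenu.txt" ) 2>/dev/null
}

# mktemp: creates a new file with an unpredictable name, or fails.
write_mktemp() {
    tmp=$(mktemp "$1/showmenu.XXXXXX") || return 1
    echo "$2" > "$tmp"
}

# Run one writer against a pre-planted link and print what the linked
# file contains afterwards.
run_case() {            # $1 = predictable | noclobber | mktemp
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/tmp" "$sandbox/home"
    echo "original" > "$sandbox/home/important.txt"
    ln -s "$sandbox/home/important.txt" "$sandbox/tmp/x_showmenu.txt"
    case "$1" in
        predictable) write_predictable "$sandbox/tmp" "menu text" ;;
        noclobber)   write_noclobber "$sandbox/tmp" "menu text" || true ;;
        mktemp)      write_mktemp "$sandbox/tmp" "menu text" ;;
        *)           rm -rf "$sandbox"; return 2 ;;
    esac
    cat "$sandbox/home/important.txt"
    rm -rf "$sandbox"
}

for mode in predictable noclobber mktemp; do
    printf '%-12s linked file now holds: %s\n' "$mode" "$(run_case "$mode")"
done
```

Only the predictable-path writer changes the linked file; the other two leave it holding its original content.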