Signature checking in Wine

Juan Lang juan.lang at
Thu Jul 24 12:08:26 CDT 2008

Folks, now that there's a bit more code in Wine that "verifies" file
signatures, I wanted to make sure everyone understands its current

1.  It's only implemented for PE files and .cab files.  Windows
supports more formats, of course, notably MSI files (see bug 11759, )

2.  Wine doesn't actually verify that the signature in the file
matches the file being checked.  Any valid certificate could be put
into a file, and Wine would accept it.

I don't consider this a serious security flaw, because I think the
concept of a signature validating anything useful about a binary is
flawed.  Hence I'm not terribly motivated to fix it.

Flame away,

More information about the wine-devel mailing list