Signature checking in Wine
Juan Lang
juan.lang at gmail.com
Thu Jul 24 12:08:26 CDT 2008
Folks, now that there's a bit more code in Wine that "verifies" file
signatures, I wanted to make sure everyone understands its current
limitations.
1. It's only implemented for PE files and .cab files. Windows
supports more formats, of course, notably MSI files (see bug 11759,
http://bugs.winehq.org/show_bug.cgi?id=11759 )
2. Wine doesn't actually verify that the signature in the file
matches the file being checked. Any valid certificate could be put
into a file, and Wine would accept it.
I don't consider this a serious security flaw, because I think the
concept of a signature validating anything useful about a binary is
flawed. Hence I'm not terribly motivated to fix it.
Flame away,
--Juan
More information about the wine-devel
mailing list