Signature checking in Wine

Juan Lang juan.lang at gmail.com
Fri Jul 25 09:49:34 CDT 2008 

> I assume you don't ship signed software.  If you did, you might see things
> differently.  Unless I've misunderstood, you've made this possible:
>
> 1. I release my software with my digital signature attached
>
> 2. A malware author downloads my software, extracts my certificate, and
>   applies it to his malware
>
> 3. His software infects a user's machine and damages it.  The user
>   discovers the infection, looks at the signature, **Wine says that the
>   certificate is valid**, and the user blames me.
>
> Please, either tell me I'm wrong, or make Wine honest about what it's
> telling the user.

No, you're not wrong, and this email was my attempt at being honest.

I'll point out that there are other avenues of attack that can lead
Wine to "mislead" the user about who signed an executable.  However,
in my professional opinion, a signature on a binary isn't worth the
bits its encoded in.  Any software, signed or not, can contain
vulnerabilities.  With the size and complexities of today's software,
and with signatures only being affixed to the largest and most complex
software, I'll state that in my opinion it's the signed software which
is more at risk than the unsigned software.  If you believe a piece of
software signed by Microsoft (or Apple, or...) is any more trustworthy
than some random piece of code, you needn't look far to disabuse
yourself of that notion.

Even so, an exploit is far more likely to target Windows, and perhaps
to fail on Wine, than it is to target Wine.  I'm not attempting to
hide behind a security through obscurity defense.  I'm pointing out
that even if digital signatures meant anything--and I maintain that
they don't--the probability of their being attacked in Wine is very
low.  Therefore, from a risk management point of view, there's no
compelling reason to fix it.  I may fix it someday, but as I said
before that wouln't remove all code signing vulnerabilities from Wine,
it would only remove this particular one.

If you disagree, patches are welcome.
--Juan

More information about the wine-devel mailing list