About Wine Security

Pierre Schweitzer pierre at reactos.org
Wed Jan 7 14:56:24 CST 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/01/2015 21:19, Alexandre Julliard wrote:
> Pierre Schweitzer <pierre at reactos.org> writes:
> 
>> On 07/01/2015 17:19, Marcus Meissner wrote:
>>> I would say that exploiting by "crafted PE binary" is not in
>>> scope for CVE allocation for Wine, as you would not keep the
>>> crafted PE binary from doing "int 0x80" itself.
>> 
>> Well, by crafted PE binary, I mean, binary that would be designed
>> to exploit such weaknesses. To corrupt memory, read from it or
>> whatever.
> 
> That's the sort of thing I was alluding to in our private
> discussion. In the context of Wine, postulating a specially crafted
> binary doesn't make sense. Obviously such a binary doesn't need to
> exploit Wine to do anything it wants.
> 

Likely my 'crafted' word was poorly chosen. Here, I refer to a binary
designed to exploit the flaws in Wine, as it would be designed to
exploit flaws in any library.
The user excepts to run a sane binary, whereas said binary will
actually use its running context to corrupt memory, attempt to cause a
denial of service in Wine, and so on. As for any other exploit (be it
for a lib or another tool).

Cheers,
- -- 
Pierre Schweitzer <pierre at reactos.org>
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUrZ14AAoJEHVFVWw9WFsLHkQP/if7LKib0C3J0l4BxFdFSbZu
dOEYexCwN1eUQtdkU6g0fsYqE31Igo2Ndn7Ss8GyXYLzNe2pcOXUHIrXapenPEnr
p+gIRsqKWVIu6zf5QxKf7Lr0qcsoLbo2uJIJU/FiTfHhFOj6cLP7kxmkY6LwXeUM
uh1kDZOO+a+HVkEbGaxByXIbElPgy8N9BW+iXD4bQTjwYSZ22efWQLgPIgVbJqc4
x0tcIHZ9F7cHWgVotgOXdtNzOQ1QRXLd15Rgcw4gjA3NQnry3WkProcO3WF8hpzq
qg3Ew/OSD9DrvtOIAxRz+U8iF1wQD2DLBrC/9+Q2fAygqZz/pe1IAhTLlUw4kr2H
dKhpGHhWSTKcd265SIzmJXHyuN3UUJurk8Fjt48QoRJ2uyX/p3m2U7VXw5tnK2rt
yFkTB9aa5es73oGg6puUtaJFb/54HDukdWzj6xNaYappnnk48bdd9cvgfTe7BTV+
Pug/TIL/mHor/C7z0i3yHQN7X1aiGKJQyVKOa1VXz7I7MJwu8iNQeRsklSKPW0Am
bz5lHCCS3pXp55mxXPhOxU8OtzLl9/FEsT5u1nMRsKZ7i7wpR37tXKuStUQ3LmIH
20gynP9NZs9QBx0BOxxfQ+3VCVwUo1M+RuWuWW1+vONYejcvRAWRRmMItmsW6m/j
qAUakjVaElbvBRDu7gYL
=SDqC
-----END PGP SIGNATURE-----

More information about the wine-devel mailing list