About Wine Security

Pierre Schweitzer pierre at reactos.org
Thu Jan 8 03:43:03 CST 2015



On 07/01/2015 22:25, Vincent Povirk wrote:
> On Wed, Jan 7, 2015 at 2:56 PM, Pierre Schweitzer
> <pierre at reactos.org> wrote:
>> Likely my 'crafted' word was poorly chosen. Here, I refer to a
>> binary designed to exploit the flaws in Wine, as it would be
>> designed to exploit flaws in any library. The user expects to run
>> a sane binary, whereas said binary will actually use its running
>> context to corrupt memory, attempt to cause a denial of service
>> in Wine, and so on. As for any other exploit (be it for a lib or
>> another tool).
> 
> Typically, flaws in a library don't allow a program using the
> library to do anything it couldn't do without access to that flaw.
> The exception would be something like polkit which has privileged 
> components compared to the software using it.

Depends. We can think about other scenarios. A vulnerability in an API a
network application is using, which allows leaking data over the
network. Or running another program remotely. Or bypassing security
checks and executing parts it shouldn't.
Even if this doesn't elevate privileges, it can already harm.
Not to mention crashing the whole Wine instance.

> 
> All of Wine's components run as a single user, so flaws in them
> cannot be exploited in this way.
> 
> I think we would be more worried about a scenario where a flaw in
> Wine creates vulnerabilities in programs running in Wine. An
> example would be if one of our image processing functions corrupted
> memory when given some invalid data. This could be demonstrated
> using a test program that reads an image using the Windows API,
> combined with crafted image data that exploits the flaw.

Yup, sorry, I forgot to speak about that one, which is also often
tracked. That can even go farther. Crafted images or input for a
program can lead to severe damage, or to running programs (cf:
CVE-2014-7209).

> 
> The test program does not have to be designed to exploit a flaw,
> in fact the problem is that it was designed to do something sane
> (read and display an image), but an attacker supplying the image
> file can make it do something else.
> 
> (Sorry if you already know all this, it's unclear based on what
> you've said.)

Thanks for it. I would have totally forgotten to speak about it otherwise!

Cheers,
-- 
Pierre Schweitzer <pierre at reactos.org>
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.
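The scenario Vincent describes above (an image-processing function that corrupts memory when handed invalid data, so that a benign viewer becomes exploitable through the image it is asked to display) comes down to a decoder trusting its own header. The following is an added example, not code from this thread, from Wine, or from any Windows component: it defines a constructed toy image container (magic "TIMG", little-endian width and height, then width*height pixel bytes; the format, the `MAX_PIXELS` policy limit and all function names are assumptions for this illustration) and shows the header validation a decoder needs before it copies a single pixel: dimension multiplication widened to 64 bits, a policy cap on decoded size, and a check that the buffer actually carries as many bytes as the header promises.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy image container, not any real Windows or Wine format:
   4-byte magic "TIMG", little-endian uint32 width, uint32 height,
   then width*height bytes of 8-bit pixel data. */
#define HDR_SIZE 12u
#define MAX_PIXELS (4096u * 4096u)   /* decoder policy limit chosen for this example */

enum img_status {
    IMG_OK = 0,
    IMG_TOO_SHORT,      /* not even a complete header */
    IMG_BAD_MAGIC,
    IMG_DIM_OVERFLOW,   /* width*height does not fit in 32 bits */
    IMG_TOO_LARGE,      /* exceeds the decoder's policy limit or the caller's buffer */
    IMG_TRUNCATED       /* header promises more pixels than the buffer carries */
};

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Validate the header against the real byte count before touching any pixel.
   A decoder that skips this and copies width*height bytes on trust is the
   flaw the thread describes: a crafted header turns a sane image viewer into
   an out-of-bounds read and write. */
enum img_status img_check(const uint8_t *buf, size_t len, uint32_t *w, uint32_t *h) {
    if (len < HDR_SIZE) return IMG_TOO_SHORT;
    if (memcmp(buf, "TIMG", 4) != 0) return IMG_BAD_MAGIC;
    uint32_t width = rd_le32(buf + 4), height = rd_le32(buf + 8);
    uint64_t npix = (uint64_t)width * height;        /* widen before multiplying */
    if (npix > UINT32_MAX) return IMG_DIM_OVERFLOW;   /* would wrap in 32-bit arithmetic */
    if (npix > MAX_PIXELS) return IMG_TOO_LARGE;
    if (len - HDR_SIZE < npix) return IMG_TRUNCATED;  /* len >= HDR_SIZE here, no wrap */
    if (w) *w = width;
    if (h) *h = height;
    return IMG_OK;
}

/* Copy pixels into a caller buffer of out_cap bytes, only after validation. */
enum img_status img_load(const uint8_t *buf, size_t len,
                         uint8_t *out, size_t out_cap, size_t *written) {
    uint32_t w, h;
    enum img_status st = img_check(buf, len, &w, &h);
    if (st != IMG_OK) return st;
    size_t npix = (size_t)w * h;                     /* safe: checked above */
    if (npix > out_cap) return IMG_TOO_LARGE;
    memcpy(out, buf + HDR_SIZE, npix);
    if (written) *written = npix;
    return IMG_OK;
}

/* Constructed inputs for demonstration. */
static const uint8_t good_img[] = { 'T','I','M','G', 2,0,0,0, 2,0,0,0, 10,20,30,40 };
/* header claims 4x4 = 16 pixels but only 4 bytes follow */
static const uint8_t truncated_img[] = { 'T','I','M','G', 4,0,0,0, 4,0,0,0, 10,20,30,40 };
/* 65536 x 65536: width*height is 2^32, which wraps to 0 in 32-bit arithmetic */
static const uint8_t overflow_img[] = { 'T','I','M','G', 0,0,1,0, 0,0,1,0 };

int main(void) {
    uint8_t pixels[64];
    size_t n = 0;
    printf("good: %d (wrote %zu bytes)\n",
           (int)img_load(good_img, sizeof good_img, pixels, sizeof pixels, &n), n);
    printf("truncated: %d\n", (int)img_check(truncated_img, sizeof truncated_img, NULL, NULL));
    printf("overflow: %d\n", (int)img_check(overflow_img, sizeof overflow_img, NULL, NULL));
    return 0;
}
```

The overflow case is the one worth noting: with 32-bit arithmetic a 65536 x 65536 header yields a pixel count of zero, so a decoder that allocates from that product and then walks the image by rows writes far past its allocation. Widening the product and bounding it against both a policy limit and the bytes actually present closes that path, and a test suite for a decoder should carry inputs like these three alongside its well-formed samples.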