Adding binfmt configuration to official Wine packages

Mon Aug 22 12:38:37 CDT 2016

On 08/22/2016 06:36 PM, Jens Reyer wrote:
> On 22.08.2016 18:18, Bruno Jesus wrote:
>> On Mon, Aug 22, 2016 at 1:08 PM, Jens Reyer <jre.winesim at gmail.com> wrote:
>>> On 22.08.2016 17:52, Bruno Jesus wrote:
>>>> On Mon, Aug 22, 2016 at 11:57 AM, Rosanne DiMesio <dimesio at earthlink.net> wrote:
>>>>> On Mon, 22 Aug 2016 15:28:39 +0200
>>>>> Jens Reyer <jre.winesim at gmail.com> wrote:
>>>>>
>>>>>>>
>>>>>>> What are the security implications? Won't this make it easier for malware to execute without being Wine-aware, or am I just being paranoid?
>>>>>>
>>>>>> We don't enable binfmt in Debian for exactly this reason (see
>>>>>> https://bugs.debian.org/819255). So I'd also be interested in other
>>>>>> opinions.
>>>>
>>>> Hi, I don't understand the security implications yet. If I download a
>>>> malware and run it like ./malware.exe or wine malware.exe what is the
>>>> difference?
>>>
>>> Whether you can accidentally do it manually?
>>> And if something else is able to start the exe?
>>
>> Sorry, I really still don't understand what is the problem. You mean I
>> can accidentally type and run ./malware.exe for example using tab key
>> completion? That is the problem?
> 
> First off, I can't say for sure, still making up my mind on this.
> 
> But yes, either that, or Rosanne's USB thumb drive example, or email
> attachments.
> 
> When I last discussed this with someone it was suggested to add some
> code to Wine which checks if an exe was run before. If it runs the first
> time you might prompt the user to confirm (so something like the
> infamous Windows warning about unkown applications, which usually just
> gets clicked away).
> 

How is a Windows .exe different from an ELF binary in this regard? Isn’t
asking for confirmation the job of the e-mail client / file manager?