Possible security bug with unmount
Cédric Picard
cpicard at openmailbox.org
Wed Mar 23 10:57:29 CDT 2016
Hi,
I find that DIR_unmount_device in wine/dlls/ntdll/directory.c (latest
git) is looking like an unsafe use of system().
If a device was mounted to a point such as ";ls" I think it would be
passed to system and cause a command injection.
I didn't open a bug because I wasn't able to really test it due to my
lack of knowledge of wine and because I can't think of a real world
attack based on this as it needs to mount a device first but I think
it's worth at least a thorough check.
Cédric Picard
More information about the wine-devel
mailing list