Fwd: this is scary
Francois Gouget
fgouget at free.fr
Thu Aug 29 01:26:41 CDT 2002
On Tue, 6 Aug 2002, phrostie wrote:
> i got this link from another list.
> does this affect applications running in wine?
>
> http://security.tombom.co.uk/shatter.html
No, applications running in Wine cannot be exploited in this way. The
security problem described in this paper involves sending messages from
a malicious Windows application run by user A to an application run by
user B.
With the current Wine architecture this is simply impossible. Each user
runs his own Wine server and Windows applications can only send messages
via that Wine server. To circumvent this one would have to write a Wine
aware Windows application, and that application would then have to find
a way to circumvent the Unix security mechanism. One final obstacle: it
is currently quite unusual (might well change) for multiple users to run
Wine concurrently, and even more unlikely that root or another
priviledged user would do so (unlike on NT were you have priviledged
services running at all times).
--
Francois Gouget fgouget at free.fr http://fgouget.free.fr/
$live{free} || die "";
More information about the wine-users
mailing list