Wine securityflaw.

Peter Andersson kanelballe at softhome.net
Sun Oct 27 05:37:02 CST 2002


What is it with you people?
I was just trying to make a point about the security risks about using wine
at present.  And you start flameing me?
Instead of continuing this flame war I will try to express myself more 
clearly. 

Before I go into details of my idea, lets make a few things clear...
I agree that focus of the Wines project, should be more towards running 
windows applications than on extreme security. I also agree that securing
an environment usually means reducing the freedom and flexibility to do 
things. My intention was that some security should be offered in wine 
regarding the attacks. This would not neccesary need to be a mandatory 
solution, it should IMHO be an easily configured on/off option feature.

My idea is to use ptrace in a supervisor process to trap all syscalls from the 
wine process, and use some kind of sanity checks for some of the syscalls. 
Watching the fork,exec,open,write and unlink syscalls and doing sanity
checks could offer atleast some security. 


Could this work?
Do you see this as a useful option?

//Peter


On Sunday 27 October 2002 03.06, Francois Gouget wrote:
> On Sun, 27 Oct 2002, Peter Andersson wrote:
> [...]
>
> > I believe most wine users trust wine not to touch anything outside of
> > its configured drive space. Malicious Linux/Unix syscalls could be
> > embedded in windows apps and if executed  do a great deal of damage.
> > After all checking your app is run whithin Wine is not that hard (reading
> > registry settings for instance). Lets call such an malicious app a
> > wine-virus from  now on. At present a wine-virus would even be allowed to
> > fork itself, leaving the wine environment and continue to run even after
> > you shutdown the wineserver,  and in some cases even after the user logs
> > out. The virus would now have full access to the system whithin the users
> > permission, doing much greater damage than you expected.
> >
> > The question is...Would you expect that damage from running a windows app
> > in wine, when you know it could be safely run in Windows?
> > In just a few embedded bytes in the code it could remove your home
> > directory in a single syscall. Would you expect that? - I wouldnt.
>
> [...more snipped...]
>
> Certainly I would be surprised to see a Wine-aware virus tomorrow. In
> that sense I certainly would not expect this sort of thing to happen
> tomorrow. But you seem to be confused about the goal of Wine.
>
> The goal of Wine is to run Windows applications on Unix. Windows
> applications run through Wine should be able to do no more and no less
> than any other Linux application. Thus Wine is not more of a security
> risk than any other piece of (somewhat alpha) software.
>
> But the goal of Wine is *not* to build a sandbox or a virtual machine in
> which you can safely run malicious code. If that is what you want, then
> you should look at chroot, jail, User Mode Linux, VMWare or Plex86. You
> can even combine them with Wine to build sandboxes. For instance you
> could run Wine in a 'jail' environment and then a Wine-aware would be
> confined to that environment.
>
>
> That being said, yes it is possible to configure Wine such that Windows
> applications are confined to a small portion of your disk. It is a
> useful feature and, as far as I know, it should work against all current
> Windows viruses. Of course, when configured this way Wine is not very
> useable. You would not be able to use Word to edit your documents for
> instance... that is unless you menually copy the document to the Wine
> environment where any Windows virus will be able to munge it. You simply
> cannot have it both ways.




More information about the wine-users mailing list