i got this link from another list. does this affect applications running in wine? http://security.tombom.co.uk/shatter.html -- Oh, I have slipped the surly bonds of DOS, and danced the skies on Linux silvered wings. http://pfrostie.freeservers.com/cad-tastrafy/ http://www.freelists.org/list/cad-linux
will perhaps do for wine drives (note perhaps is meant for : this is not sure in any way), but not for linux ones... you cannot bypass unix security by using windows tricks. wine is a user application, not a system one. but if you're crazy and run it as root and give access to / in a windows drive ... why not ... but this has to be done by YOU and only YOU, so this can't be done. (or are you crazy ?) --- phrostie <pfrostie@yahoo.com> a ?crit : > i got this link from another list.> does this affect applications running in wine? > > http://security.tombom.co.uk/shatter.html > > -- > Oh, I have slipped the surly bonds of DOS, > and danced the skies on Linux silvered wings. > http://pfrostie.freeservers.com/cad-tastrafy/ > http://www.freelists.org/list/cad-linux > _______________________________________________ > wine-users mailing list > wine-users@winehq.com > http://www.winehq.com/mailman/listinfo/wine-users___________________________________________________________ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en fran?ais ! Yahoo! Mail : http://fr.mail.yahoo.com
On Tue, 6 Aug 2002, phrostie wrote:> i got this link from another list. > does this affect applications running in wine? > > http://security.tombom.co.uk/shatter.htmlNo, applications running in Wine cannot be exploited in this way. The security problem described in this paper involves sending messages from a malicious Windows application run by user A to an application run by user B. With the current Wine architecture this is simply impossible. Each user runs his own Wine server and Windows applications can only send messages via that Wine server. To circumvent this one would have to write a Wine aware Windows application, and that application would then have to find a way to circumvent the Unix security mechanism. One final obstacle: it is currently quite unusual (might well change) for multiple users to run Wine concurrently, and even more unlikely that root or another priviledged user would do so (unlike on NT were you have priviledged services running at all times). -- Francois Gouget fgouget@free.fr http://fgouget.free.fr/ $live{free} || die "";