Hello again, (FYI, I took the liberty to change the topic since I started the former thread "How is Win/Dos syscalls implemented in Wine?" which I feel has gone a little bit off-topic) I had some more thoughts on the issue... I believe most wine users trust wine not to touch anything outside of its configured drive space. Malicious Linux/Unix syscalls could be embedded in windows apps and if executed do a great deal of damage. After all checking your app is run whithin Wine is not that hard (reading registry settings for instance). Lets call such an malicious app a wine-virus from now on. At present a wine-virus would even be allowed to fork itself, leaving the wine environment and continue to run even after you shutdown the wineserver, and in some cases even after the user logs out. The virus would now have full access to the system whithin the users permission, doing much greater damage than you expected. The question is...Would you expect that damage from running a windows app in wine, when you know it could be safely run in Windows? In just a few embedded bytes in the code it could remove your home directory in a single syscall. Would you expect that? - I wouldnt. I really love the idea of Wine, and the fact that its working good and rather stable now does mean its gaining popularity and a broader user base, which further IMHO accelerates the wine movement. If wine users were aware of the risks of using wine at present, I believe wine would be used more cautiously. Cant we atleast try implement some protection in wine against these attacks, before something really nasty happens. I do think company policy decissions againt using wine, will do just as much damage to the wine movement as too the free software movement at large. I would, despite my current lack of knowledge, gladly offer my help. But I hope someone more experienced would take the lead. Best Regards, Peter Andersson
Peter Andersson <kanelballe@softhome.net> writes:> The question is...Would you expect that damage from running a windows app > in wine, when you know it could be safely run in Windows? > In just a few embedded bytes in the code it could remove your home directory > in a single syscall. Would you expect that? - I wouldnt.You should. If you run untrusted code under your account it can do anything that you are allowed to. This is exactly equivalent to running an untrusted Linux app. From a security standpoint there is absolutely no difference between a Windows binary running under Wine and a Linux binary running natively. You can use the DOS drive configuration to limit the potential problems a bug in a Windows app can cause; but it is impossible to protect against malicious code except by not running it. Wine is not, and cannot be, a sandbox for running untrusted code.> Cant we atleast try implement some protection in wine against these attacks, > before something really nasty happens.No, we can't. -- Alexandre Julliard julliard@winehq.com
On Sun, 27 Oct 2002, Peter Andersson wrote: [...]> I believe most wine users trust wine not to touch anything outside of > its configured drive space. Malicious Linux/Unix syscalls could be embedded > in windows apps and if executed do a great deal of damage. After all checking > your app is run whithin Wine is not that hard (reading registry settings for > instance). Lets call such an malicious app a wine-virus from now on. > At present a wine-virus would even be allowed to fork itself, leaving the wine > environment and continue to run even after you shutdown the wineserver, and > in some cases even after the user logs out. The virus would now have full > access to the system whithin the users permission, doing much greater > damage than you expected. > > The question is...Would you expect that damage from running a windows app > in wine, when you know it could be safely run in Windows? > In just a few embedded bytes in the code it could remove your home directory > in a single syscall. Would you expect that? - I wouldnt.[...more snipped...] Certainly I would be surprised to see a Wine-aware virus tomorrow. In that sense I certainly would not expect this sort of thing to happen tomorrow. But you seem to be confused about the goal of Wine. The goal of Wine is to run Windows applications on Unix. Windows applications run through Wine should be able to do no more and no less than any other Linux application. Thus Wine is not more of a security risk than any other piece of (somewhat alpha) software. But the goal of Wine is *not* to build a sandbox or a virtual machine in which you can safely run malicious code. If that is what you want, then you should look at chroot, jail, User Mode Linux, VMWare or Plex86. You can even combine them with Wine to build sandboxes. For instance you could run Wine in a 'jail' environment and then a Wine-aware would be confined to that environment. That being said, yes it is possible to configure Wine such that Windows applications are confined to a small portion of your disk. It is a useful feature and, as far as I know, it should work against all current Windows viruses. Of course, when configured this way Wine is not very useable. You would not be able to use Word to edit your documents for instance... that is unless you menually copy the document to the Wine environment where any Windows virus will be able to munge it. You simply cannot have it both ways. -- Francois Gouget fgouget@free.fr http://fgouget.free.fr/ Hiroshima '45 - Czernobyl '86 - Windows '95