[pkg-wine-party] Bug#816034: wine32: insecure use of /tmp

Jakub Wilk jwilk at debian.org
Fri Feb 26 20:37:52 UTC 2016

Package: wine32
Version: 1.8.1-2
Tags: security

wine uses /tmp/.wine-$UID as a directory for sockets and lock files. 
This is insecure. Malicious local user could create /tmp/.wine-$UID for 
another user's uid, preventing the other user from using wine.

Moreover, the server_connect() function doesn't check if /tmp/.wine-$UID 
or its subdirectories are symlinks, so in some circumstances it might be 
possible to trick wine to connect to an unrelated socket.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 4.4.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages wine32 depends on:
ii  libc6         2.21-9
ii  libfreetype6  2.6.1-0.1
ii  libncurses5   6.0+20160213-1
ii  libwine       1.8.1-2
ii  x11-utils     7.7+3

Versions of packages wine32 recommends:
pn  libasound2-plugins  <none>
ii  libgl1-mesa-dri     11.1.2-1
ii  wine                1.8.1-2

Jakub Wilk

More information about the pkg-wine-party mailing list