[pkg-wine-party] Bug#816034: wine32: insecure use of /tmp
Jakub Wilk
jwilk at debian.org
Fri Feb 26 20:37:52 UTC 2016
Package: wine32
Version: 1.8.1-2
Tags: security
wine uses /tmp/.wine-$UID as a directory for sockets and lock files.
This is insecure. Malicious local user could create /tmp/.wine-$UID for
another user's uid, preventing the other user from using wine.
Moreover, the server_connect() function doesn't check if /tmp/.wine-$UID
or its subdirectories are symlinks, so in some circumstances it might be
possible to trick wine to connect to an unrelated socket.
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64
Kernel: Linux 4.4.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages wine32 depends on:
ii libc6 2.21-9
ii libfreetype6 2.6.1-0.1
ii libncurses5 6.0+20160213-1
ii libwine 1.8.1-2
ii x11-utils 7.7+3
Versions of packages wine32 recommends:
pn libasound2-plugins <none>
ii libgl1-mesa-dri 11.1.2-1
ii wine 1.8.1-2
--
Jakub Wilk
More information about the pkg-wine-party
mailing list