[pkg-wine-party] Bug#816034: wine32: insecure use of /tmp

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: [pkg-wine-party] Bug#816034: wine32: insecure use of /tmp
From: Jakub Wilk <jwilk@debian.org>
Date: Fri, 26 Feb 2016 21:37:52 +0100
Message-id: <[🔎] 20160226203752.GA4902@jwilk.net>
Reply-to: Jakub Wilk <jwilk@debian.org>, 816034@bugs.debian.org

Package: wine32
Version: 1.8.1-2
Tags: security

wine uses /tmp/.wine-$UID as a directory for sockets and lock files.This is insecure. Malicious local user could create /tmp/.wine-$UID foranother user's uid, preventing the other user from using wine.

Moreover, the server_connect() function doesn't check if /tmp/.wine-$UIDor its subdirectories are symlinks, so in some circumstances it might bepossible to trick wine to connect to an unrelated socket.



-- System Information:
Debian Release: stretch/sid
 APT prefers unstable
 APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 4.4.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages wine32 depends on:
ii  libc6         2.21-9
ii  libfreetype6  2.6.1-0.1
ii  libncurses5   6.0+20160213-1
ii  libwine       1.8.1-2
ii  x11-utils     7.7+3

Versions of packages wine32 recommends:
pn  libasound2-plugins  <none>
ii  libgl1-mesa-dri     11.1.2-1
ii  wine                1.8.1-2

--
Jakub Wilk

Reply to:

Prev by Date: [pkg-wine-party] Processed: Retitle Bug#815992
Next by Date: [pkg-wine-party] [wine] 01/15: Use minimal wineapploader script, instead of patching the upstream one.
Previous by thread: [pkg-wine-party] Processed: Retitle Bug#815992
Next by thread: [pkg-wine-party] [wine] 01/15: Use minimal wineapploader script, instead of patching the upstream one.
Index(es):
- Date
- Thread