On Tue, 6 Aug 2002, phrostie wrote: > i got this link from another list. > does this affect applications running in wine? > > http://security.tombom.co.uk/shatter.html No, applications running in Wine cannot be exploited in this way. The security problem described in this paper involves sending messages from a malicious Windows application run by user A to an application run by user B. With the current Wine architecture this is simply impossible. Each user runs his own Wine server and Windows applications can only send messages via that Wine server. To circumvent this one would have to write a Wine aware Windows application, and that application would then have to find a way to circumvent the Unix security mechanism. One final obstacle: it is currently quite unusual (might well change) for multiple users to run Wine concurrently, and even more unlikely that root or another priviledged user would do so (unlike on NT were you have priviledged services running at all times). -- Francois Gouget fgouget@free.fr http://fgouget.free.fr/ $live{free} || die ""; _______________________________________________ wine-users mailing list wine-users@winehq.com http://www.winehq.com/mailman/listinfo/wine-users
