Effort taken to perform potentially harmful actions.

Questions about Wine on Linux
b2402401
Level 1
Posts: 7
Joined: Sun Nov 09, 2014 3:19 pm

Effort taken to perform potentially harmful actions.

Post by b2402401 »

The official FAQ states that Wine is malware-compatible and can do anything that the user can. Judging by this statement, I can imagine that with enough effort taken it is possible to, for instance, persuade someone to open a malicious .doc file with MS Office 2003 which will delete all files and folders from every accessible drive. The question is: how much effort does the attacker have to take? Let's think about different situations with the example above with the question: Can I lose everything in my home directory?
1. The attacker thinks I'm running Office on Windows, while I'm running it on Wine with default configuration.
2. The attacker thinks I'm running Office on Windows, while I'm running it on Wine with permanently disabled Z: drive and even have my dosdevices folder set so it can be modified only by root.
3. The attacker knows that I'm running Office on Wine and is going to prepare a special macro which will perform an actual action by Linux even though I have Z: drive disabled and my dosdevices folder set so it can be modified only by root.
MajorLunaC
Level 1
Posts: 6
Joined: Sun Nov 09, 2014 12:27 pm

Re: Effort taken to perform potentially harmful actions.

Post by MajorLunaC »

Hmmm... Well first of all, why are you running Office for Windows? LibreOffice has greater compatibility, greater stability, and nearly all of the same functionality. There are other free, functional alternatives as well.
Second of all, Wine works in the sense that a Windows program tells Wine to make a cube on the screen, and then Wine tells the Linux software and hardware to make a cube on the screen. I'm not too sure about the drives. Just make sure to NEVER run Wine as Root, no matter who tells you to, and make sure to have your Linux firewall up, configured, and running and you should be fine for the most part. Also, don't visit any sites that could have malware, and certainly don't download any. That's how you get malware, not by just using the internet through Wine. As far as I can tell, everything that runs through the internet in Wine is routed through your Linux internet setup.

The fact of the matter is, the vast majority of hackers target Windows, and few know how to handle Linux, and even fewer expect to encounter Wine. A malicious program in Wine will likely target Windows files, using Windows commands (DOS or other). I would say the attacker would have to make a program that specifically targets Wine run on Linux (note that Wine can also run on Windows and Mac, so that's a very specific target). Most likely, your .wine directory will need to be deleted, and you would have to reinstall Office.

Oh, and one more thing, why does Office for Windows need the internet? Updates?
oiaohm
Level 8
Posts: 1020
Joined: Fri Feb 29, 2008 2:54 am

Re: Effort taken to perform potentially harmful actions.

Post by oiaohm »

b2402401, the problem here is that Wine is not a sandbox.
> 1. The attacker thinks I'm running Office on Windows, while I'm running it on Wine with default configuration.
Fairly much write/delete everywhere the user can, by all methods, due to Z: being mapped to /.
> 2. The attacker thinks I'm running Office on Windows, while I'm running it on Wine with permanently disabled Z: drive and even have my dosdevices folder set so it can be modified only by root.
Still fairly much write/delete everywhere the user can; the attacker just has to be a little trickier, using relative paths. Wine is not a sandbox and does not validate whether the locations being accessed are proper. Yes, the old chroot break-out method of cd .. past the / of the chroot kind of stunt does apply to Wine.
> 3. The attacker knows that I'm running Office on Wine and is going to prepare a special macro which will perform an actual action by Linux even though I have Z: drive disabled and my dosdevices folder set so it can be modified only by root.
The attacker in this case could use an ELF binary or a Windows executable binary calling a Linux syscall. Remember that inside MS Office macros, for highly creative reasons, you can call DLL files. Even more fun, you can embed a DLL file inside the document to be extracted by the macro and then have the macro interface with it.

The result between a prepared attacker and an unprepared one is not much different against Wine. If you are worried about threats: option 1, run Wine as a different user with limited rights; option 2, use cgroups and other containment options. Your events 1, 2 and 3 are addressed properly by using sandboxing.

Linux desktops and Windows desktops really need more sandboxing all round. A bad macro in native Linux LibreOffice could inflict the same kind of damage.
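Two of the points in this reply, that a default prefix maps Z: onto the host root / and that containment has to come from the operating system (a separate limited user, cgroups, an LSM) rather than from Wine settings, as an added shell example. This is not code from the thread or from the Wine project; the user name winebox, its prefix path and the example executable name are assumed. The audit function only reports what the prefix exposes; the launch helper composes a command line and does not execute it.

```shell
#!/bin/sh
# Added example, not part of the thread. Assumptions: a dedicated low-privilege
# account named "winebox" exists, its prefix lives at /home/winebox/.wine, and
# the caller is allowed to sudo to it. "winword.exe" is only an example name.

# Report every drive link under $1/dosdevices whose target resolves to the host
# root "/", which is what the default Z: mapping does. Returns 0 when no drive
# maps to "/", 1 when at least one does. Removing such a link reduces exposure
# but is not a sandbox: relative paths and native binaries still reach the host.
audit_prefix_drives() {
    prefix=$1
    found=0
    for link in "$prefix"/dosdevices/*; do
        [ -L "$link" ] || continue
        # readlink -f (GNU coreutils) resolves the link to an absolute path.
        target=$(readlink -f "$link")
        case $target in
            /) echo "drive $(basename "$link") maps to host root /"; found=1 ;;
        esac
    done
    return $found
}

# Compose (but do not run) a launch command for Windows executable $2 under the
# separate account $1 with that account's own prefix. The files of the invoking
# user stay out of reach because the OS, not Wine, enforces the separation;
# cgroup limits and an AppArmor/SELinux profile would be layered on top of this.
isolated_wine_cmd() {
    runas=$1
    exe=$2
    printf 'sudo -H -u %s env WINEPREFIX=/home/%s/.wine wine %s\n' \
        "$runas" "$runas" "$exe"
}

# Stand-alone usage: audit the current user's prefix and show the launch line.
if [ "${0##*/}" != "sh" ] && [ -d "${WINEPREFIX:-$HOME/.wine}/dosdevices" ]; then
    if audit_prefix_drives "${WINEPREFIX:-$HOME/.wine}"; then
        echo "no drive letter maps to /"
    fi
    isolated_wine_cmd winebox winword.exe
fi
```

The audit reproduces the first answer (a stock prefix reports z: mapping to /), and the launch line is the "different user with limited rights" option from the reply; it is the account boundary that protects the invoking user's home directory, so the dedicated account must not be given read access to it.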
b2402401
Level 1
Posts: 7
Joined: Sun Nov 09, 2014 3:19 pm

Re: Effort taken to perform potentially harmful actions.

Post by b2402401 »

So in other words, if I set up another user which will have no access to my standard files, any process he launches won't be able to harm my files?
Let's discuss another thing. Imagine that someone sent me a keylogger bundled with an .exe and I wasn't careful enough, so I ran it and it tries to collect anything I type. The thing is, by default it should capture keys I input in Windows programs. But let's say this is a .exe keylogger developed especially for careless Linux users. Is it able to send everything even if I apply THIS method? If so, is it able to send everything if:
1. run by another user with an internet connection
2. run by another user with no internet connection.
> Well first of all, why are you running Office for Windows? LibreOffice has greater compatibility, greater stability, and nearly all of the same functionality. There are other free, functional alternatives as well.
Because I can? This was just an example. I could well run it in a virtual machine and not worry about anything, but the thing is: can the same amount of protection be present without using any emulators?
oiaohm
Level 8
Posts: 1020
Joined: Fri Feb 29, 2008 2:54 am

Re: Effort taken to perform potentially harmful actions.

Post by oiaohm »

b2402401, boy, I really do get sick of how much is incorrect on the internet.
> Block WINE Applications From The Internet
The thing of setting a proxy only works with cooperative applications. Attack programs can try direct local network packets and see if those get to the internet, so they disregard registry proxy settings.

Any option you see out there attempting to use some feature of the Wine registry or a Wine setting to sandbox is basically bogus. They have missed something every single time.

b2402401, a keylogger in Wine, even if it is designed for Windows, can capture quite a lot. We warn about malware because it is something you have to seriously be aware of.
> So in other words, if I set up another user which will have no access to my standard files, any process he launches won't be able to harm my files?
Unfortunately this is a big fat maybe. Maybe, because not being able to access your files is only part of the problem. For example, disrupting creation of temp files may cause programs to crash, or filling drives with junk...... Why is it maybe? A lot of these things can be mitigated against. Quotas, cgroups, LSM settings (AppArmor/SELinux) are all different parts of securing a system.

There is a lot to configuring a system properly so that it is secure and does truly isolate. The problem here is that security features are not the Wine project's domain.

MajorLunaC, malware for Linux inside MS Office documents does exist.