wine opens the system to null pointer dereference security bugs (vm.mmap_min_addr)
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| wine (Ubuntu) |
Fix Released
|
High
|
Kees Cook | ||
Bug Description
Binary package hint: wine
The wine package installs this file:
/etc/
with the following contents:
# Wine needs to access the bottom 64k of memory in order to launch
# 16 bit programs.
vm.mmap_min_addr = 0
This is a problem because it makes the system vulnerable to kernel null pointer dereference exploits.
I guess that the package does this to offer a "works out of the box" experience. Unfortunately it also make the system "unsecure by default". My preference would be "secure by default". The "does not work out of the box" problem is IMHO minor because:
- it only concerns Win16 binaries and not Win32 binaries
(see http://
- wine could display a clear error message to the rare users who want to run Win16 binaries
ProblemType: Bug
Architecture: i386
Date: Thu Nov 5 16:55:19 2009
DistroRelease: Ubuntu 9.10
Package: wine 1.0.1-0ubuntu8
ProcVersionSign
SourcePackage: wine
Uname: Linux 2.6.31-
XsessionErrors:
(polkit-
(gnome-
Related branches
| Laurent Bonnaud (laurent-bonnaud) wrote | #1 |
| security vulnerability: | no → yes |
| Changed in wine (Ubuntu): | |
| status: | New → Confirmed |
| importance: | Undecided → High |
| Changed in wine (Ubuntu): | |
| assignee: | nobody → Kees Cook (kees) |
| status: | Confirmed → In Progress |
| Launchpad Janitor (janitor) wrote | #2 |
| Changed in wine (Ubuntu): | |
| status: | In Progress → Fix Released |
This bug was fixed in the package wine - 1.0.1-0ubuntu9
---------------
wine (1.0.1-0ubuntu9) lucid; urgency=low
* debian/
* debian/control, debian/
debconf question for selecting a sensible mmap_min_addr system setting
(LP: #475540).
* debian/rules: support "parallel=N" in DEB_BUILD_OPTIONS.
-- Kees Cook <email address hidden> Sat, 12 Dec 2009 10:28:27 -0800