On 08/22/2016 06:36 PM, Jens Reyer wrote:
On 22.08.2016 18:18, Bruno Jesus wrote:
On Mon, Aug 22, 2016 at 1:08 PM, Jens Reyer jre.winesim@gmail.com wrote:
On 22.08.2016 17:52, Bruno Jesus wrote:
On Mon, Aug 22, 2016 at 11:57 AM, Rosanne DiMesio dimesio@earthlink.net wrote:
On Mon, 22 Aug 2016 15:28:39 +0200 Jens Reyer jre.winesim@gmail.com wrote:
> > What are the security implications? Won't this make it easier for malware to execute without being Wine-aware, or am I just being paranoid?
We don't enable binfmt in Debian for exactly this reason (see https://bugs.debian.org/819255). So I'd also be interested in other opinions.
Hi, I don't understand the security implications yet. If I download a malware and run it like ./malware.exe or wine malware.exe what is the difference?
Whether you can accidentally do it manually? And if something else is able to start the exe?
Sorry, I really still don't understand what is the problem. You mean I can accidentally type and run ./malware.exe for example using tab key completion? That is the problem?
First off, I can't say for sure, still making up my mind on this.
But yes, either that, or Rosanne's USB thumb drive example, or email attachments.
When I last discussed this with someone it was suggested to add some code to Wine which checks if an exe was run before. If it runs the first time you might prompt the user to confirm (so something like the infamous Windows warning about unkown applications, which usually just gets clicked away).
How is a Windows .exe different from an ELF binary in this regard? Isn’t asking for confirmation the job of the e-mail client / file manager?