On Mon, Aug 22, 2016 at 1:08 PM, Jens Reyer jre.winesim@gmail.com wrote:
On 22.08.2016 17:52, Bruno Jesus wrote:
On Mon, Aug 22, 2016 at 11:57 AM, Rosanne DiMesio dimesio@earthlink.net wrote:
On Mon, 22 Aug 2016 15:28:39 +0200 Jens Reyer jre.winesim@gmail.com wrote:
What are the security implications? Won't this make it easier for malware to execute without being Wine-aware, or am I just being paranoid?
We don't enable binfmt in Debian for exactly this reason (see https://bugs.debian.org/819255). So I'd also be interested in other opinions.
Hi, I don't understand the security implications yet. If I download a malware and run it like ./malware.exe or wine malware.exe what is the difference?
Whether you can accidentally do it manually? And if something else is able to start the exe?
Sorry, I really still don't understand what is the problem. You mean I can accidentally type and run ./malware.exe for example using tab key completion? That is the problem?
What is a real example of a malware that benefits from this?
Having that would indeed help, I'm not really sure about this myself.
I'm not asking for a real case virus name that would do it =) I'm asking more like a general idea of what is the problem. If malware.exe is already running it does not need binfmt support to run another exe programs. If a linux sh has a hidden malware.exe I'm pretty sure the hackers behind it will be smart enough to find the correct way (./malware or wine malware) to run it.