Security - single click trojan risk
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
wine (Ubuntu) |
Fix Released
|
High
|
Kees Cook |
Bug Description
Binary package hint: nautilus
Nautilus can facilitates trojans in conjunction with wine.
Scenario.
User eg newbie to linux attracted by ease of use of ubuntu, decides to use wine for some favoured Windows tm programs discovers need to use cli for installing programs can be avoided using the nautilus "Open with ...wine" feature.
Some time later user receives the following from a very familiar contact in gaim ....
(21:51:12) taggs: lol someone has put a pic of u online :P http://
As it turns out the "jpg" file is a windows excutable trojan (easily recrafted crafted for an ubuntu user) and when user clicks on the file instead of seeing it in Eye of Gnome what in fact happens is a malware intrusion.
Nautilus should be patched to disallow wine to feature in an "Open with ..." rule.
Reasoning:
Normally, in linux, to be "social-engineered" you have to save a file, convert it to executable and then run it. As outlined, in the above actual incident, this key usability security is ineffective in an increasingly possible scenario.
In many ways it make this form of social engineering easier in linux configured this way because the file does not even need an exe/bin or similar suffix.
Nautilus (in conjunction with wine) as things stand becomes a key part of negating the standard linux "executable bit" security measures.
Prominent warnings are not in place (in the ubuntu wine wiki) advising avoidance of this practice either. https:/
Thank you for your bug. That's a wine problem, either it should not claim the MimeType from its .desktop to not be listed by nautilus "open with" or it should verify the permissions of the .exe before trying to run it