
Reminder that Wanna Cry can run on wine flawlessly, and can


Thread replies: 50
Thread images: 4

Reminder that Wanna Cry can run on wine flawlessly, and can encrypt everything.
https://www.youtube.com/watch?v=TErrIvyj_lU
Protect yourself by deleting the root link in dosfolders from your wine prefix, to contain the malware in your wineprefix.
>>
>installing wine
Wew lad
>>
How bad do you have to be at computers to get your Linux installation infected with Windows ransomware
>>
>can encrypt everything
if you run it as su
you should NEVER run wine as su
>>
>>60478342
>can encrypt everything
You're right, not everything, but your entire home folder would be encrypted and the MBR would be overwritten.
>>
>>60478320
DELET
>>
>>60478320
so can running something like
find / -exec <your encryption tool of choice -infile $f -outfile $f>


your point?
>>
>>60478394
you cannot overwrite MBR without root privileges, you stupid retard.
>>
>>60478663
depends on whether or not your user is in the disks group, and whether you have other access controls in place
>>
Only if you directly download the virus and run it on purpose you retard.
>>
>>60478666
>because every distro has a group called "disks"
kys
this is only valid if you use some kind of subhuman ghetto distro
>>
Wanna Cry can only run in Wine if you personally run the malware. There isn't a vulnerable service in Wine that can be attacked just by sending the right bytes at the right port.
>>
>>60478663
>you cannot overwrite MBR without root privileges
Yes you can.
Try running MEMEZ in Wine.
>>
>>60478717
It's true that WannaCry can't spread from and to because GNU/Linux lacks SMB1, but that doesn't mean the malware can't be implemented in other ways, like what happened to fosshub.
>>
>>60478320
>not having iptables properly configured
>>
>>60478812
Not him, but how could that be possible? You must have root privileges for such low level disk access.
>>
>>60478864
https://support.microsoft.com/en-us/help/100027/info-direct-drive-access-under-win32
>>
>>60478663
>what is policy kit
>>
why would you infect your GNU/Linux machine with Wine anyway
>>
>>60478886
Right, but this way you would just directly access the disk that wine can see, and that is actually just a folder in your home folder (by default)
>>
>>60478320
>if you purposefully run it yourself
back to facebook op
>>
>>60478320
You fucking retard, the exploit to receive it from your network was in windows. You can only get it if you yourself run a copy of wannaCry yourself.
>>
>>60478980
>You can only get it if you yourself run a copy of wannaCry yourself.
Or if someone made a clone and compromised a popular binary site.
>>
>>60478583
>>60478320

why is this a bad thing? WINE's entire purpose is to run windows applications....their FAQ even says you can get viruses.
>>
>>60478320
There's a difference between knowingly running the executable and getting infected through the distribution vectors (Windows-specific exploits) that were initially used.

Nice shilling, only retards would fall for your post or take it seriously.
>>
>>60478320
If anything it just serves its purpose.
>>
>>60478320
Who here can't wait until all nsa toolkits get released as one big library with easy to understand api so all the script kiddies will finally use it properly and these
>hacker attacks
will be so frequent that media will stop caring and various governments all over the world will be FORCED to finally acknowledge importance of national internet security and push for open source everywhere with unified updating process and source validation to prevent massive damages in the future?

>am i just too optimistic?
>>
>>60478320
Wine + NSA/SELinux doesn't have this problem
>>
>>60479861
It saddens me how far /g/ has fallen.
>knowingly running the executable
There are several ways to bypass that.
>getting infected through the distribution vectors
Nothing was said about distribution through windows exploit.
>shilling
What shilling?
>>
WannaCry was an inside job by M$ to promote Botnet10 and outlaw bitcoin.
>>
>>60480304
> There are several ways to bypass that.
How are there several ways to bypass that on Linux using WINE, you retard? On Windows, yes. Name some of them. The only way that that is possible on a Desktop system is to pretend that the executable is something different.

> Nothing was said about distribution through windows exploit.
So what? That's exactly the point that needs to be addressed.

> What shilling?
Obviously Windows damage control.

> It saddens me how far /g/ has fallen.
The irony is palpable.
>>
>>60480392
>How are there several ways to bypass that on Linux using WINE
USB flash drives.
>Windows damage control
>>
>>60478320
>Reminder that TrueCrypt can run flawlessly on wine
You're an idiot. Wanna Cry spread via SMB and Wine does not suffer from this. The exe encrypts files just like explorer.exe deletes files.

tl;dr Wine functions as intended.
>>
>>60480542
>USB flash drives.
Are you serious? Physical access to your system is equal to a remote exploit against which you can't protect on nearly all unupdated Windows systems? Laughable, fuck off.
>>
>>60478394
>2017
>using MBR
>letting a non-privileged user have write access to your ESP/boot partition
Lol what the fuck are you doing?
>>
>>60480561
OP is talking about a fundamental flaw in WINE design to give access to root folders.
This potentially can compromise your system security.
See 4.1.4 of
https://www.winehq.org/docs/wineusr-guide/config-wine-main

While WC can't spread from/to machines running WINE, the risk of WC clones is still there; dismissing those potential security risks reveals just how shallow your knowledge is.
>>
what the fuck do you think an application is, OP?

If the application is made to encrypt all your files, then running the application will do that insofar as it has the correct permissions. This happens regardless of operating system.

In any case, you have to actually run the application. If a remote attacker can make your computer run the application without your interaction, then you can start talking about exploits and worms.

If you manually launch the payload yourself, what the fuck did you expect would happen?
>>
>>60478394
>your entire home folder would be encrypted
>not having backups
You deserved it.
>>
>>60478394
what if i have a user wine to run wine
>>
>>60480653
access control is not Wine's responsibility, it is the responsibility of the operating system.
>>
How do you fucks even get this shit? I use windows 10 and click on every link I see. Still don't have it.
>>
>>60480658
For nearly all malware that runs under wine, the infection is contained inside the wine prefix.
There are a few malware that escape, but none encrypt it.
Wine should sandbox each wineprefix.

All those that defend wine are Wine devs doing damage control.
>>60480678
Even if you do that, as long as WINE sees the "/ " partition your OS is compromised.
>>
>>60480698
>Wine should sandbox each wineprefix.
this is beyond the responsibilities of wine, desu.
I believe there are ways around "unmounting" your root partition, though not that I remember right now offhand.

Expecting wine to sandbox stuff would add a lot of complexity, and I am sure there are other reasons it does not work that way too.

Use a utility intended for the purpose of sandboxing if you wish to restrict the permissions of stuff running with wine
>>
>>60480653
I'm still not seeing how it has root access unless you're a total fucktard.

>So, if the link to your c: drive points to ~/.wine/drive_c, you can interpret references to c:\windows\system32 to mean ~/.wine/drive_c/windows/system32
It's all in your home directory. In fact I'm willing to bet unless you mount the rest of your /home/user directory somewhere in Windows, which is questionable at best, WannaCry wouldn't even be able to affect any of your Linux files.
>>
>>60480756
I believe there are ways to access the rest of your system just because the symlinks are not there.
>>
>>60480698
This.
Wine gives access to root by default through symlink z:\
It has been argued this can compromise the system if you unknowingly ran a malicious binary.
The counter argument was this would make things difficult for newcomers.
You newfags don't remember, but in early days was capable of autorun.
>>
>>60480756
~/.wine/dosdevices/
z: drive is mapped to your root.
>>
>>60480800
The Wine process running under user only has the permissions that the parent user has.
>>
>>60481075
Try running wanna cry and see for yourself.
>>
>>60481090
It only encrypts what your user has write access to. Just because it can see your entire filesystem through the Z: mapping (as an aside, applications running under WINE can make system calls to the Linux kernel, so removing that mapping is superficial) doesn't mean it can write to things you can't. The only issue is if you're using an over-privileged user account, in which case you're a fucking retard.

So the only damage WannaCry can do under a sanely configured WINE configuration is encrypt your home directory, as that should be the only thing your user has write access to. If you took one simple step to create a new user to run WINE under with even less privileges, it wouldn't even be able to do that.

TL;DR: WINE gives every application you run under it a shell with the same privileges as the user you run WINE under.
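
Added example, not part of the thread and not code from the Wine project: a shell function that lists the drive-letter links under a prefix's `dosdevices` directory (the `z:` mapping discussed above) and marks each as resolving inside or outside the prefix. The function name `audit_dosdevices` and the output labels are made up for this example.

```shell
# Added example (not from the thread): audit a Wine prefix's drive mappings.
# Usage: audit_dosdevices [PREFIX]   (defaults to $WINEPREFIX, then ~/.wine)
audit_dosdevices() {
    local prefix real_prefix link letter target
    prefix="${1:-${WINEPREFIX:-$HOME/.wine}}"
    if [ ! -d "$prefix/dosdevices" ]; then
        echo "no dosdevices directory in $prefix" >&2
        return 2
    fi
    # Canonical path of the prefix, so symlinked parents compare correctly.
    real_prefix="$(cd "$prefix" && pwd -P)"

    for link in "$prefix"/dosdevices/*; do
        [ -L "$link" ] || continue          # only symlinks are drive mappings
        letter="$(basename "$link")"
        # Follow the link; targets that are not directories (device nodes,
        # dangling links) are reported with their raw link text instead.
        if ! target="$(cd "$link" 2>/dev/null && pwd -P)"; then
            echo "NONDIR   $letter -> $(readlink "$link")"
            continue
        fi
        case "$target/" in
            "$real_prefix"/*) echo "INSIDE   $letter -> $target" ;;
            *)                echo "OUTSIDE  $letter -> $target" ;;
        esac
    done
}
```

An `OUTSIDE` line only shows which host paths get a drive letter. As the last post says, what can actually be overwritten is whatever the account running Wine has write access to, so the audit goes together with a separate low-privilege user or a sandboxing utility.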