[ros-dev] [ros-diffs] [cwittich] 30460: sync CryptAcquireContext to wine (this fixes some Unicode issues)
Steven Edwards
winehacker at gmail.com
Fri Nov 16 08:05:09 CET 2007
On Nov 15, 2007 12:30 PM, Alex Ionescu <ionucu at videotron.ca> wrote:
> "HCRYPTHASH hPrivate; /*CSP's handle - Should not be given to application
> under any circumstances!*/"
>
> Are Wine people aware that DLLs load in the same address space as
> applications? There is no way to protect this handle from the application
> unless you store it in kernel-mode.
I am sure the guys working on this code now are aware of it.
That comment was written back in 2002 by someone I've never even hear of
so I expect it was a bit of a hack to get some application to work.
http://source.winehq.org/git/wine.git/?a=commit;h=e8273d60562acb5135c49e90d8b6f8c81a7ad73b
And I don't know what applications are using this functionality that they would
have had to implement it. I guess the Wine developers just don't care. I don't
really know anything about the context of this but I guess they figure it does
not really matter if its insecure as there are tons of other vectors
to exploit in
Wine and if something bypasses the traditional Unix security all is lost anyway.
I am not really qualified to comment on this. If you would like I will
ask Juan Lang
if he wants to implement it properly in Wine via a kernel module or something.
He has been the one recently working on crypto service providers and friends
so I can direct any questions you might have to him.
--
Steven Edwards
"There is one thing stronger than all the armies in the world, and
that is an idea whose time has come." - Victor Hugo
More information about the Ros-dev
mailing list