On Tue, Jul 18, 2017 at 12:39:45AM -0700, Rick Moen wrote: > Quoting Joachim Fahrner (j...@fahrner.name): > > > Another nice bug in Gnome: > > http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html > > I feel almost dirty making excuses for GNOME ;-> , but this bug in > /usr/bin/gnome-exe-thumbnailer appears to be exploitable only if WINE > is installed and findable by that GNOME utility. The thumbnailer > invokes WINE's cscript.exe, which appears to be a Windows Scripting Host > command interpreter -- and thus run VBScript.
But _why_ would you say this is an excuse? Wine is an unrelated piece of software, and it's not a bug in Wine. It's nice to have Wine installed, it reduces your need to have a Windows partition/VM[1] to basically zero. It's like saying that Perl is responsible if you feed it a program from an untrusted source. Wine does one task: run programs in PE format for win32/win64 ABI, and does it quite well. [1]. For your own use, that is -- if you want to test programs for others you'll obviously want VMs for multiple versions of Windows, just like you have a Fedora VM and an OpenBSD VM. -- ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ A dumb species has no way to open a tuna can. ⢿⡄⠘⠷⠚⠋⠀ A smart species invents a can opener. ⠈⠳⣄⠀⠀⠀⠀ A master species delegates. _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
