On 17 February 2013 15:40, Stefan Dösinger <stefandoesin...@gmail.com> wrote:
> Am 17.02.2013 um 14:25 schrieb Stanislaw Halik <stha...@misaki.pl>:
>> Security impact is nil - Win32 can reference the extension regardless.
>> Well-written code won't expose the issue. Patch is a bit messed up WRT lack
>> of binding back to 0 in some places, but that'll be amended.
> I basically agree with this - the problem with this extension is that the
> driver exports it. If we're using it or not doesn't really have a security
> impact.
>
Sure, I just think it's a terrible extension, not necessarily that
supporting it would have security impact for Wine. (Although once you
go there, an application e.g. locking up the system becomes
potentially a Wine bug, not automatically a driver bug.) The other
consideration is that I don't want to encourage other drivers to
implement this kind of extension. Of course that's all aside from all
the generic arguments against having multiple code paths for
essentially the same thing, and the increased complexity that comes
with that.
