Re: [AD] al_set_win_dll

Re: [AD] al_set_win_dll_path

[ Thread Index | Date Index | More lists.liballeg.org/allegro-developers Archives ]

To: Allegro Development <alleg-developers@xxxxxxxxxx>
Subject: Re: [AD] al_set_win_dll_path
From: Elias Pschernig <elias.pschernig@xxxxxxxxxx>
Date: Sat, 30 Jul 2011 23:29:34 +0200

On Thu, 2011-07-28 at 11:20 +1000, Peter Wang wrote:
> 
> The main problem is loading DLLs from the _current_ directory, so it
> should be relatively safe to load from the PATH (excluding the current
> directory).  I can't remember why I didn't implement that; possibly
> because it requires more work.
> 

How exactly does the attack work? For example right now we prevent
libvorbis.dll from being loaded from the current path. However
libvorbis.dll depends on libogg.dll which still is loaded from the
current path. So couldn't the attack simply switch to libogg.dll and do
the attack anyway?

-- 
Elias Pschernig <elias.pschernig@xxxxxxxxxx>

Follow-Ups:
- Re: [AD] al_set_win_dll_path
  - From: Peter Wang

References:
- Re: [AD] al_set_win_dll_path
  - From: Elias Pschernig
- Re: [AD] al_set_win_dll_path
  - From: Matthew Leverton
- Re: [AD] al_set_win_dll_path
  - From: Trent Gamblin
- Re: [AD] al_set_win_dll_path
  - From: Matthew Leverton
- Re: [AD] al_set_win_dll_path
  - From: Elias Pschernig
- Re: [AD] al_set_win_dll_path
  - From: Matthew Leverton
- Re: [AD] al_set_win_dll_path
  - From: Elias Pschernig
- Re: [AD] al_set_win_dll_path
  - From: Matthew Leverton
- Re: [AD] al_set_win_dll_path
  - From: Elias Pschernig
- Re: [AD] al_set_win_dll_path
  - From: Matthew Leverton
- Re: [AD] al_set_win_dll_path
  - From: Peter Wang

Messages sorted by: [ date | thread ]
Prev by Date: Re: [AD] file slices
Next by Date: Re: [AD] al_set_win_dll_path
Previous by thread: Re: [AD] al_set_win_dll_path
Next by thread: Re: [AD] al_set_win_dll_path

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/