Re: [AD] al_set_win_dll_path

[ Thread Index | Date Index | More lists.liballeg.org/allegro-developers Archives ]


On Thu, 2011-07-28 at 11:20 +1000, Peter Wang wrote:
> 
> The main problem is loading DLLs from the _current_ directory, so it
> should be relatively safe to load from the PATH (excluding the current
> directory).  I can't remember why I didn't implement that; possibly
> because it requires more work.
> 

How exactly does the attack work? For example right now we prevent
libvorbis.dll from being loaded from the current path. However
libvorbis.dll depends on libogg.dll which still is loaded from the
current path. So couldn't the attack simply switch to libogg.dll and do
the attack anyway?

-- 
Elias Pschernig <elias.pschernig@xxxxxxxxxx>





Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/