This is the mail archive of the cygwin-developers mailing list for the Cygwin project.



Re: DLL hijacking problem


On Fri, Aug 27, 2010 at 06:43:56PM +0200, Corinna Vinschen wrote:
>On Aug 27 09:38, Christopher Faylor wrote:
>> On Fri, Aug 27, 2010 at 03:16:14PM +0200, Corinna Vinschen wrote:
>> >Hi,
>> >
>> >This DLL hijacking problem goes from simmering to boiling pretty fast
>> >right now:
>> >http://www.microsoft.com/technet/security/advisory/2269637.mspx
>> >The exploit DB has been filling rapidly in the last couple of days:
>> >http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=DLL+Hijacking&filter_author=&filter_platform=0&filter_type=0&filter_port=&filter_osvdb=&filter_cve=
>> >
>> >Given
>> >http://msdn.microsoft.com/en-us/library/ff919712%28VS.85%29.aspx
>> >
>> >I propose to change all calls to
>> >
>> >  LoadLibrary ("any-Win32-system.dll")
>> >
>> >to (basically) 
>> >
>> >  GetSystemDirectory (path);
>> >  strcat (path, "\\any-Win32-system.dll");
>> >  LoadLibrary (path);
>> >
>> >Or does anybody think this is overreacting?
>> 
>> No, I was thinking the same thing after seeing the discussion of the
>> problem in Slashdot.
>
>Ok, I'll do that.  For the autoload stuff, do you have any problem if I
>convert the DLL names to WCHAR?  The idea is to move the
>windows_system_directory variable from a static var in exceptions.cc to
>a global variable in globals.cc, and to move the GetSystemDirectoryW
>call in exceptions.cc:events_init pretty much to the start of
>dll_crt0_0, so we can be sure it's available for any autoloaded stuff,
>however early it occurs.

That sounds right to me.

cgf
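
An added example, not part of the original thread and not Cygwin's code: one way to write the proposed full-path load with the bounds and file-name checks that the `strcat` sketch above leaves out. The names `build_system_dll_path` and `load_system_dll` are hypothetical; the Windows-only wrapper is compiled only under `_WIN32`.

```c
#include <stddef.h>
#include <wchar.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Join sysdir and a bare DLL file name into out (capacity out_len wchar_t).
   Returns 0 on success, -1 if the name is not a bare file name or the
   result would not fit. */
int build_system_dll_path(const wchar_t *sysdir, const wchar_t *dll,
                          wchar_t *out, size_t out_len)
{
    size_t dlen, nlen;
    int need_sep;

    if (!sysdir || !dll || !out || !*sysdir || !*dll)
        return -1;
    /* A separator or drive colon would let the name escape sysdir. */
    if (wcspbrk(dll, L"\\/:"))
        return -1;
    dlen = wcslen(sysdir);
    nlen = wcslen(dll);
    /* The system directory has no trailing backslash unless it is a root. */
    need_sep = sysdir[dlen - 1] != L'\\';
    if (dlen + need_sep + nlen + 1 > out_len)
        return -1;
    wmemcpy(out, sysdir, dlen);
    if (need_sep)
        out[dlen++] = L'\\';
    wmemcpy(out + dlen, dll, nlen + 1);   /* copies the terminator too */
    return 0;
}

#ifdef _WIN32
/* Windows-only wrapper: resolve the system directory, then load by full
   path so the DLL search order is never consulted. */
HMODULE load_system_dll(const wchar_t *dll)
{
    wchar_t sysdir[MAX_PATH], path[MAX_PATH];
    UINT n = GetSystemDirectoryW(sysdir, MAX_PATH);

    if (n == 0 || n >= MAX_PATH)          /* failure or buffer too small */
        return NULL;
    if (build_system_dll_path(sysdir, dll, path, MAX_PATH) != 0)
        return NULL;
    return LoadLibraryW(path);
}
#endif
```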

