[llvm] [Windows] Avoid loading shared libraries from load directory (PR #90520)

via llvm-commits llvm-commits at lists.llvm.org
Mon Apr 29 16:39:05 PDT 2024


================
@@ -43,6 +43,10 @@ InitLLVM::InitLLVM(int &Argc, const char **&Argv,
   assert(!Initialized && "InitLLVM was already initialized!");
   Initialized = true;
 #endif
+#ifdef _WIN32
+  // Avoid searching the directory from which the application is loaded.
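Review bot: the comment opening the new `#ifdef _WIN32` block states only what is skipped, not why, and the why is exactly what is disputed in this thread; since the block is in a file everyone links against, expand it to say that a DLL dropped next to a signed executable is loaded by name ahead of the System32 copy with no signature check, and name the search-order call that follows so a reader does not have to dig up this PR. It should also spell out the behavioural consequence of "avoid searching the directory from which the application is loaded": libraries shipped beside the executable are no longer found from that directory by bare name, so any LLVM tool that relies on that has to be adjusted or documented.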
----------------
jofrn wrote:

> Loading dlls from the directory where the application is loaded is not a security vulnerability: the attacker hasn't gained anything.
> 
> If the attacker has the ability to write to the directory where the application is loaded then they don't have to play games with dropping binaries with names that collide with the system - they can modify the application's binary instead.

Although that is true when we are dealing with unsigned binaries, it does not hold when dealing with signed ones. After modifying the binary directly, the attacker won't be able to reauthenticate it. The renamed, fake DLL remains a vulnerability because it does not have to be signed in order to be loaded, so we have to ensure the search path does not find these system libraries where a user can place them.

https://github.com/llvm/llvm-project/pull/90520
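An added check for the scenario argued in the reply above, not code from the PR or from LLVM: a PowerShell audit that, for one application directory, shows the two halves of the argument side by side. A tampered signed executable fails Authenticode validation, while a DLL planted beside it under a System32 library name would be resolved from that directory first by the default search order, and nothing validates its signature at load time. The script name and the `-AppDir` parameter are my own assumptions; the cmdlets are standard ones.

```powershell
<#
 Check-DllShadowing.ps1 (hypothetical name; added example, not LLVM code).
 Assumes -AppDir points at the directory holding Authenticode-signed tools.
#>
param(
    [Parameter(Mandatory = $true)]
    [string]$AppDir
)

# 1. The executables themselves: a modified signed binary no longer validates,
#    which is why tampering with the exe is not the attacker's easy path.
foreach ($exe in Get-ChildItem -Path $AppDir -Filter '*.exe' -File) {
    $sig = Get-AuthenticodeSignature -FilePath $exe.FullName
    Write-Output ("{0,-14} {1}" -f $sig.Status, $exe.Name)
}

# 2. The DLLs: a file here whose name matches a System32 library is, under the
#    default search order, found before the real one, and the loader never
#    checks its signature. Report each such file with its Authenticode status.
$system32 = Join-Path $env:SystemRoot 'System32'
$systemNames = [System.Collections.Generic.HashSet[string]]::new(
    [string[]](Get-ChildItem -Path $system32 -Filter '*.dll' -File | ForEach-Object Name),
    [System.StringComparer]::OrdinalIgnoreCase)

$findings = foreach ($dll in Get-ChildItem -Path $AppDir -Filter '*.dll' -File) {
    if (-not $systemNames.Contains($dll.Name)) { continue }
    $sig = Get-AuthenticodeSignature -FilePath $dll.FullName
    $signer = '(none)'
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    [pscustomobject]@{
        Dll       = $dll.Name
        SigStatus = $sig.Status   # Valid, NotSigned, HashMismatch, ...
        Signer    = $signer
    }
}

if ($findings) {
    Write-Output "DLLs in $AppDir that shadow a System32 library name:"
    # NotSigned or HashMismatch on a shadowing name is the planted-DLL case;
    # a Valid vendor signature is usually a deliberately shipped redistributable.
    $findings | Sort-Object SigStatus | Format-Table -AutoSize
} else {
    Write-Output "No DLLs in $AppDir shadow a System32 library name."
}
```

Run it as `.\Check-DllShadowing.ps1 -AppDir 'C:\Program Files\LLVM\bin'` (path assumed). Two caveats: names listed under KnownDLLs are always resolved from System32 regardless of what sits beside the executable, so a match on one of those is benign, and the default search order also walks the current directory and PATH, which this script does not inspect.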


More information about the llvm-commits mailing list