[llvm] [Windows] Avoid loading shared libraries from load directory (PR #90520)

Daniel Paoliello via llvm-commits llvm-commits at lists.llvm.org
Mon Apr 29 16:41:56 PDT 2024


================
@@ -43,6 +43,10 @@ InitLLVM::InitLLVM(int &Argc, const char **&Argv,
   assert(!Initialized && "InitLLVM was already initialized!");
   Initialized = true;
 #endif
+#ifdef _WIN32
+  // Avoid searching the directory from which the application is loaded.
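Review bot: The comment added at `+  // Avoid searching the directory from which the application is loaded.` records the intent but not the reason or the mechanism. As quoted, the hunk shows neither the API call that changes the search order nor the `#endif` that closes the `+#ifdef _WIN32` block, so consider expanding the comment to name the risk (a library planted next to the executable being resolved ahead of the system copy) and the call used, and confirm the block is closed. Since this sits in `InitLLVM::InitLLVM`, tools that do not construct InitLLVM keep the default search order; that limitation is worth documenting next to the change.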
----------------
dpaoliello wrote:

> Although that is true when we are dealing with unsigned binaries, it is not when dealing with signed ones. After modifying the binary directly, the attacker won't be able to reauthenticate it. The renamed, fake DLL remains a vulnerability because it does not have to be signed in order to be loaded, so we have to ensure the search path does not find these system libraries where a user can place them.

Unless you are using cert-pinning or allow-listing, then the signature doesn't matter: the attacker can replace the application with a correctly signed malicious application.

https://github.com/llvm/llvm-project/pull/90520