Closed marcosfrm closed 7 months ago
Currently there are only three DLLs loaded by cbang. They are ntdll.dll
, OpenCL.dll
and nvcuda.dll
. Are these always located in %windows%\system32
? If so we could restrict DLL searching to this location.
I've restricted DLL search with LOAD_LIBRARY_SEARCH_DEFAULT_DIRS
. I think this is a reasonable because the application's install path permissions are the application's responsibility (i.e. ours). By not searching the PATH
we are not exposed to 3rd party mistakes. Hopefully this wont break OpenCL or CUDA for some users.
Thanks. nvcuda.dll
and OpenCL.dll
are in C:\Windows\System32
. *crossed fingers*
https://github.com/CauldronDevelopmentLLC/cbang/blob/12ad46a0593634605c8ab98bd85d1fffb763f9e5/src/cbang/os/DynamicLibrary.cpp#L72
LoadLibrary()
search order is often too broad:https://itm4n.github.io/windows-dll-hijacking-clarified/
LoadLibraryEx()
has flags to restrict the search path. The important ones require at minimum Vista/7 with KB2533623 installed.