Closed zx2c4 closed 5 years ago
I've taken special care to respect places where loading the function specifically did not panic, so that the call site could just return an error. The behavior should be the same before and after this commit.
Thanks!
This PR is security-related.
Prior this was vulnerable to DLL injection attacks. While the syscall package whitelists a few DLLs for safe loading, it doesn't whitelist all of the ones we need. Hence our only solution is x/sys/windows, which can do this right. On the plus side, however, we get to do this lazily, which means we're not loading tons of useless DLLs in polyglot apps that have win linked in but don't use it all or in all modes of the app.