Possible security hole using SetDllDirectory?

2018-06-15 16:22:12

I've got a DLL which makes a call to SetDllDirectory() in its DllMain() function. The argument to SetDllDirectory() is the directory in which the DLL resides, as returned by the GetModuleFileName() function. The effect of this is that if the DLL is placed as c:/foo/bar.dll , then loading bar.dll will add c:/foo to the DLL search path of the calling process.

My question is: does this open up any form of security hole? Would it be safer to perform the SetDllDirectory() call in a function which had to be explicitly called by the process loading the library?

It isn't. Well actually not a new one. Since the application path is the first place windows looks for dlls someone could place a malicious dll in this folder. So there is a security hole without your SetDllDirectory() call.

链接地址: http://www.djcxy.com/p/44482.html

上一篇: .Net采摘错误的引用程序集版本

下一篇: 使用SetDllDirectory可能的安全漏洞？