Dan Kaminsky wrote:
> On Tue, Sep 14, 2010 at 6:07 PM, Stefan Kanthak <[email protected]> wrote:
>> Dan Kaminsky wrote:
>>> Short version: Go see how many DLLs exist outside of c:\windows\system32.
>>> Look, ye mighty, and despair when you realize all those apps would be broken
>>> by CWD DLL blocking.
>>
>> No, that's the too much shortened version.
>> The correct version but is: Go see how many DLLs exist outside of the DLL
>> search path.
>> CWD DLL blocking does NOT break all those apps!
>> Apps which install their DLLs into their own application directory won't
>> notice CWD blocking at all.
>
>> And apps which break can be easily fixed:
>>
>> [HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\application.exe]
>> "Path"=...
>>
>> exists for more than 15 years now.

> An automatic patch that breaks random apps will not be an automatic
> patch -- and neither will the twenty patches after it.

There is no "automatic" patch. KB2264107 just enables an Administrator to
(finally) exempt CWD from the DLL search path.

> Nobody cares that the breakage "can be fixed" with some fifteen year old key.

The Administrator who blocks DLL loading from CWD but cares!

BTW: Windows developers and administrators should know their platform.

Stefan

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
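An added example, not part of the original message: a read-only PowerShell audit an administrator could run before enabling CWD blocking, reporting the current policy and which App Paths entries already carry a "Path" value. The value name CWDIllegalInDllSearch and its registry locations are taken from KB2264107, not from the thread; the helper function names are hypothetical.

```powershell
# Added example (read-only): report the CWD DLL search policy and App Paths "Path" entries.
$sm   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$app  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths'

# Hypothetical helper: read one registry value, returning $null when it is absent.
function Get-RegValue($path, $name) {
    (Get-ItemProperty -LiteralPath $path -Name $name -ErrorAction SilentlyContinue).$name
}

# Hypothetical helper: decode CWDIllegalInDllSearch (meanings as documented in KB2264107).
function ConvertTo-CwdPolicy($raw) {
    if ($null -eq $raw) { return 'not set (CWD searched as usual)' }
    # Normalise the DWORD so 0xFFFFFFFF matches whether it arrives as -1 or 4294967295.
    switch ([int64]$raw -band 4294967295) {
        0          { 'default search order' }
        1          { 'CWD blocked when it is a WebDAV folder' }
        2          { 'CWD blocked when it is a remote folder (WebDAV or UNC)' }
        4294967295 { 'CWD removed from the DLL search order' }
        default    { "unrecognised value $_" }
    }
}

'System-wide: ' + (ConvertTo-CwdPolicy (Get-RegValue $sm 'CWDIllegalInDllSearch'))

# Per-application overrides live under Image File Execution Options\<binary name>.
Get-ChildItem -LiteralPath $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $v = Get-RegValue $_.PSPath 'CWDIllegalInDllSearch'
    if ($null -ne $v) { 'Override {0}: {1}' -f $_.PSChildName, (ConvertTo-CwdPolicy $v) }
}

# App Paths: entries with a "Path" value declare extra directories for the application;
# entries without one are listed last.
Get-ChildItem -LiteralPath $app -ErrorAction SilentlyContinue | ForEach-Object {
    [pscustomobject]@{
        Application = $_.PSChildName
        Path        = Get-RegValue $_.PSPath 'Path'
    }
} | Sort-Object { [string]::IsNullOrEmpty($_.Path) }, Application |
    Format-Table -AutoSize -Wrap
```

The App Paths "Path" string is appended to the process PATH only when the application is started through the shell (ShellExecuteEx), so an application launched another way does not benefit from it.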
