https://bugs.freedesktop.org/show_bug.cgi?id=45364
Bug #: 45364
Summary: DLL search order wrong when safe DLL search mode is ON
(default)
Classification: Unclassified
Product: LibreOffice
Version: LibO 3.4.5 release
Platform: All
OS/Version: Windows (All)
Status: NEW
Severity: major
Priority: medium
Component: Libreoffice
AssignedTo: [email protected]
ReportedBy: [email protected]
Replacing a dll (libeay32.dll) in my GnuWin32 bin directory (which is in the
search path) I found out that it was in use by soffice.bin. LibreOffice comes
with its own libeay32.dll in <Installdir>/program, but that is not used.
My system is a german WinXP Pro SP3, but this should happen on almost all newer
Windows versions beginning with XP SP2, because:
On newer Windows Microsoft introduced the "safe DLL search mode"
(http://msdn.microsoft.com/en-us/library/windows/desktop/ms682586%28v=vs.85%29.aspx),
which is ON by default on everything newer than XP SP1, and this puts the local
directory later in the search path to circumvent certain security concerns
especially with web servers. For local programs to be able to load their own
DLLs they have to issue a SetDllDirectory call
(http://msdn.microsoft.com/en-us/library/windows/desktop/ms686203(v=vs.85).aspx)
before loading the dynamic libraries. soffice.bin seems not to do so, however
it should.
There is a (severe?) security issue connected: when an attacker successfully
places a rogue dll anywhere in the default dll search path (or adds the
directory with his rogue dll to this path before soffice starts), soffice will
happily load the attackers dll and not its own safe version.
--
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
_______________________________________________
Libreoffice-bugs mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
