From: Óscar Fuentes
Newsgroups: gmane.emacs.devel
Subject: Re: Emacs master, security concernes, ms-windows
Date: Thu, 14 Sep 2017 15:33:40 +0200
Message-ID: <87k211xv4b.fsf@qcore>
To: emacs-devel@gnu.org

Fabrice Popineau writes:

> Since there seems to be a lot of concerns wrt to security,
> I am submitting the attached patch.
>
> The reason for this patch is to limit the search for dlls loaded at
> runtime to the win32 system directory and/or the emacs application
> directory.
> In the current state, dlls can be picked up in any directory in the path.
> Someone could fake one of these dlls (xpm, png, etc.) and use it for
> mean reasons.
> It is not bulletproof, but it levels up security and
> many other projects have applied such a restriction.
>
> Best regards,
>
> Fabrice

> diff --git a/src/unexw32.c b/src/unexw32.c > index 5259b2a52b..10f720f734 100644 > --- a/src/unexw32.c > +++ b/src/unexw32.c
> @@ -772,7 +820,7 @@ unexec (const char *new_name, const char *old_name) > { > PIMAGE_DOS_HEADER dos_header; > PIMAGE_NT_HEADERS nt_header; > - HANDLE hImagehelp = LoadLibrary ("imagehlp.dll"); > + HANDLE hImagehelp = LoadLibraryEx ("imagehlp.dll", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);

According to MSDN, LoadLibraryEx does not support LOAD_LIBRARY_SEARCH_SYSTEM32 nor LOAD_LIBRARY_SEARCH_APPLICATION_DIR on Windows XP, and on Windows 7 and some other versions it requires a certain security system patch to be installed.

Apart from that, the security provided by this approach is questionable. If the attacker has enough control to install a DLL and modify the PATH, it is game over.

Finally, this patch can be a hindrance for those who build Emacs. After the build is over, you need to copy the required extra dlls (for image support, etc) to the build binary directory to test or use Emacs. Not a huge inconvenience, but it isn't irrelevant either.
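
Review bot: The replaced LoadLibrary call in unexec now passes LOAD_LIBRARY_SEARCH_SYSTEM32 unconditionally, and the hunk shows no fallback for systems where LoadLibraryEx rejects that flag; there the call fails and hImagehelp is NULL where the old call would have found the library. Probe for support once (Microsoft documents testing GetProcAddress for AddDllDirectory in kernel32 as the check for the LOAD_LIBRARY_SEARCH_* flags) and otherwise build the absolute path from GetSystemDirectory and pass it to LoadLibrary, which keeps the load confined to the system directory on every Windows version. A short comment beside the call saying why the search is restricted would also help whoever touches this next.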