From: Andy Moreton
Newsgroups: gmane.emacs.devel
Subject: Re: Emacs master, security concernes, ms-windows
Date: Thu, 14 Sep 2017 15:13:39 +0100
To: emacs-devel@gnu.org

On Thu 14 Sep 2017, Fabrice Popineau wrote:

> Since there seems to be a lot of concerns wrt to security,
> I am submitting the attached patch.
>
> The reason for this patch is to limit the search for dlls loaded at
> runtime to the win32 system directory and/or the emacs application
> directory.
> In the current state, dlls can be picked up in any directory in the path.
> Some one could fake one of these dlls (xpm, png, etc.) and use it for
> mean reasons.
> It is not bullet proof, but it levels up security and
> many other projects have applied such a restriction.

Restricting the path used to locate DLLs is reasonable, but this is too
strict. For an emacs built from source and run from the build tree (i.e.
not installed), this requires copying all of the distro DLLs to the
emacs build directory, and keeping them up to date.

Also note that the patch uses LOAD_LIBRARY_SEARCH_* flags, which won't
work at all on Windows XP, or on newer Windows versions that do not have
the correct updates installed.

See:
Dynamic-Link Library Security:
  https://msdn.microsoft.com/en-us/library/windows/desktop/ff919712(v=vs.85).aspx
Dynamic-Link Library Search Order:
  https://msdn.microsoft.com/en-us/library/windows/desktop/ms682586(v=vs.85).aspx
LoadLibraryEx:
  https://msdn.microsoft.com/en-us/library/windows/desktop/ms684179(v=vs.85).aspx

    AndyM
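
Added example, not part of the message above or of the patch it discusses: one way to keep the restricted search while degrading on systems where the LOAD_LIBRARY_SEARCH_* flags are unavailable, using the probe the LoadLibraryEx documentation describes (GetProcAddress on AddDllDirectory). The function names and the app_dir parameter are hypothetical; the Windows calls are compiled only under _WIN32.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif
/* Documented LoadLibraryEx flag values, defined here for older SDKs. */
#ifndef LOAD_LIBRARY_SEARCH_APPLICATION_DIR
#define LOAD_LIBRARY_SEARCH_APPLICATION_DIR 0x00000200
#endif
#ifndef LOAD_LIBRARY_SEARCH_SYSTEM32
#define LOAD_LIBRARY_SEARCH_SYSTEM32 0x00000800
#endif

/* The flags are usable only if kernel32 exports AddDllDirectory. */
int search_flags_supported(void) {
#ifdef _WIN32
    HMODULE k32 = GetModuleHandleA("kernel32.dll");
    return k32 && GetProcAddress(k32, "AddDllDirectory") != NULL;
#else
    return 0;
#endif
}

/* Flags for LoadLibraryEx: restricted search, or 0 when unsupported. */
unsigned long pick_load_flags(int supported) {
    return supported ? (LOAD_LIBRARY_SEARCH_APPLICATION_DIR
                        | LOAD_LIBRARY_SEARCH_SYSTEM32) : 0UL;
}

/* Fallback: build "dir\name" from a bare file name only.
   Returns 0 on success, -1 on rejection or truncation. */
int qualify_dll_path(const char *dir, const char *name, char *out, size_t n) {
    if (!dir || !name || !*dir || !*name || strpbrk(name, "\\/:")) return -1;
    int len = snprintf(out, n, "%s\\%s", dir, name);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

#ifdef _WIN32
/* Load `name` from app_dir or the system directory, never from PATH. */
HMODULE load_dll_restricted(const char *name, const char *app_dir) {
    char path[MAX_PATH], sys[MAX_PATH];
    HMODULE h = NULL;
    if (!name || strpbrk(name, "\\/:")) return NULL;
    if (search_flags_supported())
        return LoadLibraryExA(name, NULL, pick_load_flags(1));
    if (qualify_dll_path(app_dir, name, path, sizeof path) == 0)
        h = LoadLibraryExA(path, NULL, 0);
    if (!h && GetSystemDirectoryA(sys, sizeof sys)
        && qualify_dll_path(sys, name, path, sizeof path) == 0)
        h = LoadLibraryExA(path, NULL, 0);
    return h;
}
#endif
```

In the fallback branch only the named DLL is pinned to a directory; its own dependencies are still resolved with the standard search order.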