[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] DLL hijacking with Autorun on a USB drive
- To: "Dan Kaminsky" <dan@xxxxxxxxxxx>
- Subject: Re: [Full-disclosure] DLL hijacking with Autorun on a USB drive
- From: "Stefan Kanthak" <stefan.kanthak@xxxxxxxx>
- Date: Wed, 15 Sep 2010 17:45:27 +0200
Dan Kaminsky wrote:
> On Tue, Sep 14, 2010 at 6:07 PM, Stefan Kanthak <stefan.kanthak@xxxxxxxx>
> wrote:
>> Dan Kaminsky wrote:
>>> Short version: Go see how many DLLs exist outside of c:\windows\system32.
>>> Look, ye mighty, and despair when you realize all those apps would be broken
>>> by CWD DLL blocking.
>>
>> No, that's the too much shortened version.
>> The correct version but is: Go see how many DLLs exist outside of the DLL
>> search path.
>> CWD DLL blocking does NOT break all those apps!
>> Apps which install their DLLs into their own application directory won't
>> notice CWD blocking at all.
>
>> And apps which break can be easily fixed:
>>
>> [HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\application.exe]
>> "Path"=...
>>
>> exists for more than 15 years now.
> An automatic patch that breaks random apps will not be an automatic
> patch -- and neither will the twenty patches after it.
There is no "automatic" patch.
KB2264107 just enables an Administrator to (finally) exempt CWD from the
DLL search path.
> Nobody cares that the breakage "can be fixed" with some fifteen year old key.
The Administrator who blocks DLL loading from CWD but cares!
BTW: Windows developers and administrators should know their platform.
Stefan
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/