[tor-bugs] #1954 [Tor Client]: LoadLibrary used without restrictions for search path
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue Sep 21 00:49:48 UTC 2010
#1954: LoadLibrary used without restrictions for search path
------------------------+---------------------------------------------------
Reporter: Sebastian | Owner:
Type: defect | Status: new
Priority: major | Milestone: Tor: 0.2.2.x-final
Component: Tor Client | Version:
Keywords: | Parent:
------------------------+---------------------------------------------------
Comment(by nickm):
Both DLLs are present in Windows 98 and later, so far as I can find out
online. They may also be in Windows 95, though it's kind of hard to
tell.[*]
The behavior of LoadLibrary is explained here on MSDN:
http://msdn.microsoft.com/en-us/library/ms684175(VS.85).aspx ; the search
path is here: http://msdn.microsoft.com/en-
us/library/ms682586(v=VS.85).aspx .
If I am reading that right (and somebody should re-read it!) there are
circumstances where the cwd can get searched before the system directory.
That's a problem if anybody is invoking Tor from an someplace where a
potentially hostile party might have placed DLLs. Vidalia should prevent
this from happening for most users. Still, let's be belt-and-suspenders
about this and use explicit paths to handle this case, in case it matters.
[*] (Insert standard gripes about how microsoft has interpreted a very
reasonable "Windows 98 is no longer supported" position to mean "All
information on MSDN pertaining to windows 98 shall be thrown into the
memory hole. All APIs introduced in windows 98 and earlier will be listed
as 'Since Windows 2000'.")
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1954#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list