Skip to content

syscall: guard against Windows DLL preloading attacks  #14959

Closed
@bradfitz

Description

@bradfitz

Taru Karttunen noted that Go should be more paranoid by default when loading DLLs.

Background:
https://textplain.wordpress.com/2015/12/18/dll-hijacking-just-wont-die/

Microsoft's guidelines:
https://msdn.microsoft.com/en-us/library/ff919712%28VS.85%29.aspx

LoadLibraryEx docs:
https://msdn.microsoft.com/en-us/library/ms684179(v=vs.85).aspx

@rsc proposed:

  1. Change syscall.LoadDLL to call LoadLibraryEx with flags=LOAD_LIBRARY_SEARCH_SYSTEM32 instead of calling LoadLibrary. That is, LoadDLL is now secure by default and cannot load DLLs from the directory containing the executable.
  2. Add a LoadLibraryEx to x/sys/win so that users can still get at the old behavior if they want it (by appropriate passing of flags).

CL forthcoming.

/cc @alexbrainman @adg @broady @jbuberel @ianlancetaylor

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions