CA5393 warning results from allowing less secure dll locations #733
Comments
I'm reading up on that warning. I'm confused by the fact that it considers
There is some relevant discussion over here: dotnet/roslyn-analyzers#2855

So the rule was disabled by default because the attribute has no effect on Unix systems anyway. (I use

Besides the fact that there are legitimate use cases for shimming/replacing DLLs used by an application, I have to say that this whole mechanism seems rather... futile? If an attacker has enough access that they can write arbitrary files to an application's directory, you're probably already majorly screwed, and the question of whether you load DLLs from there is pretty low on the list of immediate concerns... Anyhow, using seems like a reasonable solution to me.
It's not as hard as you might think. The more common use case I heard is your Downloads directory. You download a few files, and accumulate a bunch of stuff in your downloads directory. Eventually you run an .exe in there that otherwise would be safe, except that you previously downloaded a .dll (or a .zip and unzipped it) that is there to spoof a Windows dll. Now the harmless .exe loads the virus .dll and invades your system, even though you only ran the trustworthy .exe.
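The two comments above describe the failure mode (a same-named DLL sitting next to the executable, for example in a Downloads folder, being picked up instead of the system copy) and the mitigation (restricting the search with `DefaultDllImportSearchPaths`). The following is an added illustration, not code from the CsWin32 project or from anyone in this thread; `NativeMethods` and the two wrapper names are made up for the example. It shows the declaration shape CA5393 flags by default next to the hardened form, and the assembly-level default that covers generated sources without editing them.

```csharp
using System;
using System.Runtime.InteropServices;

// Assembly-level default: every [DllImport] in this assembly that does not carry
// its own DefaultDllImportSearchPaths attribute searches System32 only. This is
// one way to cover generated CsWin32 sources, since the generated methods inherit
// the assembly default. Method-level attributes still override it.
[assembly: DefaultDllImportSearchPaths(DllImportSearchPath.System32)]

internal static class NativeMethods   // hypothetical class name for this example
{
    // Flagged by CA5393 (default configuration): ApplicationDirectory, together
    // with AssemblyDirectory and UseDllDirectoryForDependencies, lets the loader
    // consult the directory the process started from before System32, so a
    // planted kernel32.dll beside the .exe would win.
    [DllImport("kernel32.dll", EntryPoint = "GetCurrentProcessId")]
    [DefaultDllImportSearchPaths(DllImportSearchPath.ApplicationDirectory | DllImportSearchPath.System32)]
    internal static extern uint GetCurrentProcessId_AppDirFirst();

    // Hardened form: only %SystemRoot%\System32 is searched for kernel32.dll.
    // No warning from CA5393; CA5392 (missing attribute) is also satisfied.
    [DllImport("kernel32.dll", EntryPoint = "GetCurrentProcessId")]
    [DefaultDllImportSearchPaths(DllImportSearchPath.System32)]
    internal static extern uint GetCurrentProcessId_System32Only();
}

internal static class Program
{
    private static void Main()
    {
        // As noted in the thread, the attribute only influences the Windows
        // loader; on Unix it is ignored, so guard the call accordingly.
        if (!OperatingSystem.IsWindows())
        {
            Console.WriteLine("DefaultDllImportSearchPaths has no effect on this OS.");
            return;
        }

        // Both calls resolve the same export; only the search policy differs.
        Console.WriteLine($"pid (System32 only): {NativeMethods.GetCurrentProcessId_System32Only()}");
    }
}
```

If the warning still needs tuning rather than suppression, the rule's severity lives in `.editorconfig` as `dotnet_diagnostic.CA5393.severity`, which keeps the check active on hand-written declarations while the generated ones are covered by the assembly-level attribute.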
I had to disable CA5393 to avoid warnings in the generated CsWin32 sources. Since that rule is built into the SDK, I wonder if it would be reasonable for CsWin32 to suppress that rule automatically on relevant methods?
Originally posted by @alexrp in #617 (comment)