[vlc-devel] [PATCH] win32: do not load wininet.dll on startup, it's not a Known DLL

Steve Lhomme robux4 at gmail.com
Mon Mar 13 06:43:30 CET 2017


On 10 March 2017 at 18:31, "Rémi Denis-Courmont" <remi at remlab.net> wrote:

On Friday, 10 March 2017 at 18:22:13 EET, Jean-Baptiste Kempf wrote:
> On Fri, 10 Mar 2017, at 18:17, Rémi Denis-Courmont wrote:
> > You can't load kernel32.dll at run-time anyway, since it contains the
> > run-time
> > loader.
>
> Take any of those. Remove gdi or advapi or user32 or any other library
> that we link statically against.
> Show me how.
>
> > > If you can change advapi32, kernel32, user32, shell32, psapi or
> > > msvcrt.dll and change them to either not be KnownDLL or be modified,
> > > then your system security is fucked.
> >
> > Sure. And if an attacker can overwrite any (other) of the MSDN documented
> > DLLs, I am fucked too. Whether or not it's a known DLL.
> >
> > Because plenty of executables will link them in the PE header.
>
> And your point is?
>
> winmm.dll and wininet.dll are not knowndll, so putting a dll named like
> that on a portable VLC, next to VLC.exe will load them, in the normal
> configuration, without being admin.

If somebody can put a DLL in the same directory as your application, you are
fucked. With or without this patch. Two orders of magnitude more so with VLC,
and its habit of automatically loading any plugin you throw at it.


There are obviously many levels on which the app can be compromised. And
obviously we can't do anything about a recompiled version with malware
added (well, in the next Windows it's possible to disallow running apps not
coming from the store).

But in this case the idea is not to tamper with the software at all. You can
update it and the hack still remains. Nothing is even installed on the
infected/spied-on computer. So we should definitely fix that kind of
attack. Having the manifest embedded is the first step. But it's always
possible to remove it (and a potential exe signature). The software still
looks legit and runs the same. So we should also avoid "implib loading"
those DLLs that are not known DLLs and preloaded for anyone to use at boot.
We can load them later, only from System32 when we need them, as the patches
show.

Loading DLLs from CWD is (or was) a security vulnerability. Loading DLLs from
the app directory might be suboptimal for "safety", but is not a "security"
vulnerability under any sane threat model.

--
雷米‧德尼-库尔蒙
https://www.remlab.net/
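The check a reader of this thread will want to run on a Windows build is: which of the binary's import-table DLLs are KnownDLLs (mapped from the \KnownDlls section directory and never searched for on disk) and which are resolved by the ordinary search path, application directory first, so that a same-named file dropped next to the .exe wins. The PowerShell script below is an added example written for this page, not VLC code and not the patch under discussion. It parses the PE import and delay-load directories of a given executable with no external modules and compares the names against the KnownDLLs registry key. All function and parameter names are mine; it assumes modern (RVA-style) delay-load descriptors and reads only the registry seed list, so static dependencies of those entries, which the loader also treats as known, may be over-reported as "NOT known".

```powershell
# Added example (not VLC code): list the DLLs a PE file imports at load time and
# report which of them are KnownDLLs. Anything not known and not an API set is
# searched for by name, application directory first, on a default Windows setup.
# Usage:  .\Find-NonKnownImports.ps1 -Path 'C:\Program Files\VideoLAN\VLC\vlc.exe'
# Assumptions: delay-load descriptors use RVAs (every modern linker); the KnownDLLs
# registry key is used as the list, so dependencies of those entries, which the
# loader also maps from \KnownDlls, may be reported as "NOT known".
param([Parameter(Mandatory = $true)][string]$Path)

$bytes = [System.IO.File]::ReadAllBytes($Path)

function Read-U16([int]$off) { [BitConverter]::ToUInt16($bytes, $off) }
function Read-U32([int]$off) { [BitConverter]::ToUInt32($bytes, $off) }
function Read-CString([int]$off) {
    $end = $off
    while ($bytes[$end] -ne 0) { $end++ }
    [System.Text.Encoding]::ASCII.GetString($bytes, $off, $end - $off)
}

# --- PE headers -------------------------------------------------------------
if ($bytes[0] -ne 0x4D -or $bytes[1] -ne 0x5A) { throw "$Path is not an MZ executable" }
$pe = Read-U32 0x3C                                 # e_lfanew
if ((Read-U32 $pe) -ne 0x00004550) { throw "$Path has no PE signature" }
$numSections = Read-U16 ($pe + 6)
$optSize     = Read-U16 ($pe + 20)
$optHdr      = $pe + 24
$magic       = Read-U16 $optHdr
$dirBase = switch ($magic) { 0x10B { 96 } 0x20B { 112 } default { throw "unknown optional header magic" } }
$numDirs = Read-U32 ($optHdr + $dirBase - 4)        # NumberOfRvaAndSizes precedes the directories

# Section table, needed to turn RVAs into file offsets.
$sections = for ($i = 0; $i -lt $numSections; $i++) {
    $s = $optHdr + $optSize + 40 * $i
    [pscustomobject]@{
        VirtualSize    = Read-U32 ($s + 8)
        VirtualAddress = Read-U32 ($s + 12)
        RawSize        = Read-U32 ($s + 16)
        RawPointer     = Read-U32 ($s + 20)
    }
}
function ConvertTo-FileOffset([long]$rva) {
    foreach ($s in $sections) {
        $span = [Math]::Max($s.VirtualSize, $s.RawSize)
        if ($rva -ge $s.VirtualAddress -and $rva -lt ($s.VirtualAddress + $span)) {
            return $rva - $s.VirtualAddress + $s.RawPointer
        }
    }
    throw ("RVA 0x{0:X} is not backed by any section" -f $rva)
}
function Get-DirectoryRva([int]$index) {
    if ($numDirs -le $index) { return 0 }
    Read-U32 ($optHdr + $dirBase + 8 * $index)
}

# --- Import directory (index 1): IMAGE_IMPORT_DESCRIPTOR is 20 bytes, Name at +12.
$static = @()
$rva = Get-DirectoryRva 1
if ($rva -ne 0) {
    $off = ConvertTo-FileOffset $rva
    while ((Read-U32 ($off + 12)) -ne 0) {
        $static += Read-CString (ConvertTo-FileOffset (Read-U32 ($off + 12)))
        $off += 20
    }
}
# --- Delay-load directory (index 13): ImgDelayDescr is 32 bytes, DllNameRVA at +4.
# These still go through the normal search path on first call, so they count too.
$delayed = @()
$rva = Get-DirectoryRva 13
if ($rva -ne 0) {
    $off = ConvertTo-FileOffset $rva
    while ((Read-U32 ($off + 4)) -ne 0) {
        if (((Read-U32 $off) -band 1) -eq 0) { Write-Warning 'VA-style delay descriptor, skipping'; break }
        $delayed += Read-CString (ConvertTo-FileOffset (Read-U32 ($off + 4)))
        $off += 32
    }
}

# --- KnownDLLs: the registry values that seed the \KnownDlls object directory.
$key   = Get-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs'
$known = [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase)
foreach ($name in $key.GetValueNames()) {
    $v = $key.GetValue($name)
    if ($v -is [string] -and $v -like '*.dll') { [void]$known.Add($v) }
}

# --- Classify every import.
$report = foreach ($set in @( @{ Kind = 'static'; Names = $static }, @{ Kind = 'delay-load'; Names = $delayed } )) {
    foreach ($dll in $set.Names) {
        $status = if ($dll -match '^(api|ext)-ms-win-') { 'API set: resolved by schema, never searched on disk' }
                  elseif ($known.Contains($dll))       { 'KnownDLL: mapped from \KnownDlls' }
                  else                                 { 'NOT known: search path, application directory first' }
        [pscustomobject]@{ Import = $dll; Kind = $set.Kind; Status = $status }
    }
}
$report | Sort-Object Status, Import | Format-Table -AutoSize
```

On a build that still links wininet.dll or winmm.dll through their import libraries, those two show up in the "NOT known" rows, which is exactly the exposure the patch title describes: the loader will look for them next to the executable before it looks in System32, and no admin rights are needed to drop a file there. The remedy the thread converges on, loading such a DLL only when needed and only from System32, corresponds at the API level to `LoadLibraryExW(L"wininet.dll", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32)` instead of a link-time dependency; that is my description of the Windows API, not a quotation of VLC's patch.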
