lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <E3575DF3B8DD4BAB8DB8E3CA3E2EBA9A@localhost>
Date: Wed, 15 Sep 2010 17:45:27 +0200
From: "Stefan Kanthak" <stefan.kanthak@...go.de>
To: "Dan Kaminsky" <dan@...para.com>
Cc: full-disclosure@...ts.grok.org.uk, Valdis.Kletnieks@...edu
Subject: Re: DLL hijacking with Autorun on a USB drive

Dan Kaminsky wrote:

> On Tue, Sep 14, 2010 at 6:07 PM, Stefan Kanthak <stefan.kanthak@...go.de> wrote:
>> Dan Kaminsky wrote:

>>> Short version: Go see how many DLLs exist outside of c:\windows\system32.
>>> Look, ye mighty, and despair when you realize all those apps would be broken
>>> by CWD DLL blocking.
>>
>> No, that's the too much shortened version.
>> The correct version but is: Go see how many DLLs exist outside of the DLL
>> search path.
>> CWD DLL blocking does NOT break all those apps!
>> Apps which install their DLLs into their own application directory won't
>> notice CWD blocking at all.
>
>> And apps which break can be easily fixed:
>>
>> [HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\application.exe]
>> "Path"=...
>>
>> exists for more than 15 years now.

> An automatic patch that breaks random apps will not be an automatic
> patch -- and neither will the twenty patches after it.

There is no "automatic" patch.
KB2264107 just enables an Administrator to (finally) exempt CWD from the
DLL search path.

> Nobody cares that the breakage "can be fixed" with some fifteen year old key.

The Administrator who blocks DLL loading from CWD but cares!

BTW: Windows developers and administrators should know their platform.

Stefan

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ