On Thursday, 30 January 2020 09:09:47 PST Olivier Goffart wrote:
> > This is similar to a TOCTOU attack, but I couldn't come up with a
> > reasonable attack scenario. If the interposing DLL has metadata saying
> > not to load, QLibrary will find the actual plugin later and will load
> > that. The worst that could happen is that the interposing DLL has valid
> > but incorrect metadata causing another DLL to be loaded that shouldn't
> > be. This other DLL isn't under the control of the attacker, though, and
> > neither is the name of the DLL.
>
> I think a reasonable attack scenario remains if the plugin does not exist in
> the system.

You're talking about an application that attempts to load an optional plugin
with no pathname? I didn't test that. I don't know if LoadLibrary() searches
$PWD at all. I only tested non-optional plugins in the proof of concept.

--
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel System Software Products