Re: [FFmpeg-devel] [PATCH v2] libavformat/vapoursynth: Update to API version 4, load library at runtime

Sun, 21 Jul 2024 15:08:32 -0700 

Am 18.07.24 um 17:23 schrieb epira...@gmail.com:




Well, the DLL directory is added to PATH by the VapourSynth installer,
but for safety reasons ffmpeg explictly tells the LoadLibrary function
to only search the application directory and system32, quote from
w32dlfcn.h:


/**
  * Safe function used to open dynamic libs. This attempts to improve program 
security
  * by removing the current directory from the dll search path. Only dll's 
found in the
  * executable or system directory are allowed to be loaded.
  * @param name  The dynamic lib name.
  * @return A handle to the opened lib.
  */

So ffmpeg prevents that solution on purpose. Or should that behavior be
changed in the w32dlfcn.h?


Oh, bummer. I would expect that overriding the PATH environment
variable would work kind of like how LD_LIBRARY_PATH works on Linux. I
don't know why that was changed. I don't really follow what goes on in
Windowsland anymore. Does anyone else care to comment on this? Martin,
maybe?


IIRC this is done to prevent DLL injection attacks

https://learn.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-security



So what's your proposal how to continue?

I see different options with pros&cons:


1.
Read the DLL path from registry, function for that could be located
outside the VapourSynth module.

Pro: Safest method to protect from DLL-injection
Con: A lot of custom code/functionality for Windows


2.
Change w32dlfcn.h to allow loading DLLs from PATH

Pro: Minimal code-change, highest similarity between different OSes
Con: Open for DLL-injection attacks the current implementations wants to
prevent.


3.
Allow loading DLLs from PATH with a special flag when calling dlopen.
dlopen has a parameter for flags, we could define a
WIN_ALLOW_LOAD_DLL_FROM_PATH for Windows that will enable load from PATH

Pro: Reduced risk for DLL-injection attack, high similarity between
different OSes
Con: Flag needs to be defined 0 for other OSes, Posix flags need to be
defined 0 for Windows (currently not needed, as the flags are thrown
away by the pre-processor)


Best regards
Stefan
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".























					Reply via email to