Bugtraq mailing list archives

Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases
From: Crist Clark <crist.clark () GLOBALSTAR COM>
Date: Tue, 19 Sep 2000 13:18:16 -0700

"Timothy J. Miller" wrote:
> The DLL search order logic is functionally equivalent to having a '.'
> in the $PATH of a UNIX user.  This is known to be bad practice, since
> it allows this kind of shenanigans.
>
> I suggest that this problem, and subsequent problems of this nature,
> can be fixed simply by *not* looking in the current directory for
> required DLLs.

To use your $PATH analogy to emphasize what I see as the most dangerous
(and the part showing the most ill-conceived design), this is like putting
'.' in your $PATH _before_ /bin, /usr/bin, and the other standard system

Checking the current directory is somewhat of a security threat. Checking
the current directory _before_ system directories is a severe threat. Like
most security issues, there is a security-convenience trade. Searching
the PWD at all leans towards convenience, but IMHO, is justifiable. However,
going to the PWD before the system directories is just too risky and I see
little added value.

Of course, the most ideal situation is to have the behavior configurable.
For Win*, a registry entry specifying where to look and in what order (with
conservative vendor distributed defaults) would seem the best solution,
but is undoubtably costly to implement.

Crist J. Clark                                Network Security Engineer
crist.clark () globalstar com                    Globalstar, L.P.
(408) 933-4387                                FAX: (408) 933-4926
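
The ordering distinction drawn in this message (current directory searched at all versus searched ahead of the system directories), as an added example that is not part of the original post: a POSIX shell function that classifies a $PATH-style search list, treating empty and relative entries as the current directory. The function names, the verdict labels and the `SYSTEM_DIRS` list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify a PATH-style search list by
# where the current directory sits relative to the system directories.

# Assumption: these count as the "standard system directories".
SYSTEM_DIRS="/bin /usr/bin /sbin /usr/sbin"

is_system_dir() {
    for d in $SYSTEM_DIRS; do
        if [ "$1" = "$d" ]; then return 0; fi
    done
    return 1
}

# Prints one verdict: none | cwd-searched | cwd-before-system
classify_search_path() {
    rest="$1:"        # sentinel ':' so a trailing empty entry is still visited
    seen_cwd=0
    verdict="none"
    while [ -n "$rest" ]; do
        entry="${rest%%:*}"
        rest="${rest#*:}"
        case "$entry" in
            /*)
                # Absolute entry: drop one trailing slash before comparing.
                if [ "$entry" != "/" ]; then entry="${entry%/}"; fi
                if [ "$seen_cwd" -eq 1 ] && is_system_dir "$entry"; then
                    verdict="cwd-before-system"
                fi
                ;;
            *)
                # "", ".", "./x", "bin": all resolve against the current directory.
                seen_cwd=1
                if [ "$verdict" = "none" ]; then verdict="cwd-searched"; fi
                ;;
        esac
    done
    echo "$verdict"
}

# Constructed sample search lists.
for p in "/bin:/usr/bin" "/bin:/usr/bin:." ".:/bin:/usr/bin" "/usr/local/bin::/bin"; do
    printf '%-24s %s\n' "$p" "$(classify_search_path "$p")"
done
```

Calling `classify_search_path "$PATH"` audits the running shell's own search list; an empty entry such as the `::` in the last sample is easy to miss by eye and is treated by the shell as the current directory.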
