Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Double clicking on MS Office documents from Windows Explorermay execute arbitrary programs in some cases
From: Crist Clark <crist.clark () GLOBALSTAR COM>
Date: Tue, 19 Sep 2000 13:18:16 -0700

"Timothy J. Miller" wrote:
[snip]
The DLL search order logic is functionally equivalent to having a '.'
in the $PATH of a UNIX user.  This is known to be bad practice, since
it allows this kind of shennanigans.

I suggest that this problem, and subsequent problems of this nature,
can be fixed simply by *not* looking in the current directory for
required DLLs.

To use your $PATH analogy to emphasize what I see as the most dangerous
(and the part showing the most ill conceived design), this is like putting
'.' in your $PATH _before_ /bin, /usr/bin, and the other standard system
paths.

Checking the current directory is somewhat of a security threat. Checking
the current directory _before_ system directories is a severe threat. Like
most security issues, there is a security-convenience trade. Searching
the PWD at all leans towards convenience, but IMHO, is justifiable. However,
going to the PWD before the system directories is just too risky and I see
little added value.

Of course, the most ideal situation is to have the behavior configurable.
For Win*, a registry entry sepcifying where to look and in what order (with
conservative vendor distributed defaults) would seem the best solution,
but is undoubtably costly to implement.
--
Crist J. Clark                                Network Security Engineer
crist.clark () globalstar com                    Globalstar, L.P.
(408) 933-4387                                FAX: (408) 933-4926


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault