oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE request: mono loading shared libs from cwd

From: Thomas Biege <thomas () suse de>
Date: Wed, 10 Nov 2010 15:18:26 +0100
Hello folks,

from our bugzilla.

"
http://www.mono-project.com/DllNotFoundException explains that the mono 
runtime
searches the current working directory for DLLs.  This opens a serious 
security
hole.  Malicious code can be given the same name as a DLL and left in a
directory the user might visit.  Also, it means that no mono application can
safely set the current working directory.

Microsoft themselves addressed this issue in Windows
http://msdn.microsoft.com/en-us/library/ms682586(v=VS.85).aspx

It's a well known "dummies" question for Unix why you must not have "." on 
your
path
http://www.unix.com/unix-dummies-questions-answers/22806-why-bad-idea-insert-
dot-path.html

Mono is exposing users to these same old hat problems.

(As a related problem, many mono programs seem to *assume* that they will be
run with the CWD set to their installed directory, and break if it isn't.)
"

Filed by Richard Brooksby.


-- 
 Thomas Biege <thomas () suse de>, SUSE LINUX, Security Support & Auditing
 SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
  Wer aufhoert besser werden zu wollen, hoert auf gut zu sein.
                            -- Marie von Ebner-Eschenbach
Previous By Date Next
Previous By Thread Next

Current thread: