Full Disclosure mailing list archives
Re: DLL hijacking with Autorun on a USB drive
From: Dan Kaminsky <dan () doxpara com>
Date: Fri, 27 Aug 2010 10:13:21 -0400
On Fri, Aug 27, 2010 at 9:10 AM, <Valdis.Kletnieks () vt edu> wrote:
> On Fri, 27 Aug 2010 07:20:22 EDT, Larry Seltzer said:
>>> Why wouldn't eliminating the CWD from the DLL search order fix the problem?
>> I asked Microsoft about this (http://blogs.pcmag.com/securitywatch/2010/08/list_of_dll_vulnerability_wind.php) and they said the obvious answer, that it would break too many customer installations. And I guess it would break a bunch of them, but there really isn't a good reason for anyone to load a DLL from the CWD, is there?
> The mentality that "Our program only works with version 1.14 of the DLL so we'll ship a copy of it in the directory" is too entrenched. That's why you'll see a box that has 4 or 5 different copies of the Java RTE on it. Of course, on a *sane* system you'd use a variable like LD_LIBRARY_PATH to say where to find the libraries (and maybe apply some W^X exclusion to path components). But there's just too many 3rd party packages that would have to be updated to make it palatable.
As opposed to other platforms that, what, don't have 3rd party packages? :)
> Remember - Microsoft doesn't have any real commitment to deliver a truly secure system to you. It has a commitment to deliver just enough security and other features so it can deliver dollars to its shareholders. We all *know* what it would take to secure it - and it won't happen because the resulting paradigm shifts will torpedo sales.
Oh, come on. MS puts more effort into delivering a secure platform than pretty much anyone at this point. They're just not the low hanging fruit they once were. The difference between attack and defense is that we know when attack doesn't work. Unrolling this one characteristic pretty much yields security as it stands today. It's why attack research is so important -- it's our only source of ground truth!
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
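As an added illustration (not part of the original post or thread), here is a simplified Python model of the Windows DLL search order with SafeDllSearchMode enabled. It reports which imports resolve differently once the CWD is dropped from the order. All paths, file names and the `include_cwd` switch are constructed for the example.

```python
# Simplified model of the Windows DLL search order (SafeDllSearchMode on):
# application directory, system directories, CWD, then PATH.
# Every path and file listing below is constructed sample data.

SYSTEM_DIRS = [r"C:\Windows\System32", r"C:\Windows\System", r"C:\Windows"]

def search_order(app_dir, cwd, path_dirs, include_cwd=True):
    """Build the ordered directory list; include_cwd=False models CWD removal."""
    order = [app_dir] + SYSTEM_DIRS
    if include_cwd:
        order.append(cwd)
    return order + list(path_dirs)

def resolve(dll, order, files):
    """Return the first directory in `order` holding `dll` (case-insensitive)."""
    wanted = dll.lower()
    for directory in order:
        if wanted in {name.lower() for name in files.get(directory, ())}:
            return directory
    return None

def cwd_dependent(imports, app_dir, cwd, path_dirs, files):
    """Map each import whose resolution changes without the CWD to (before, after)."""
    with_cwd = search_order(app_dir, cwd, path_dirs, include_cwd=True)
    without = search_order(app_dir, cwd, path_dirs, include_cwd=False)
    changed = {}
    for name in imports:
        before, after = resolve(name, with_cwd, files), resolve(name, without, files)
        if before != after:
            changed[name] = (before, after)
    return changed

# Constructed layout: an application that ships its own pinned DLL copy,
# launched with a removable drive folder as its current working directory.
APP_DIR = r"C:\Program Files\Viewer"
CWD = r"E:\docs"
FILES = {
    APP_DIR: {"viewer.exe", "render114.dll"},
    r"C:\Windows\System32": {"kernel32.dll", "user32.dll"},
    CWD: {"report.doc", "optcodec.dll"},
}
IMPORTS = ["kernel32.dll", "render114.dll", "optcodec.dll"]

def demo():
    return cwd_dependent(IMPORTS, APP_DIR, CWD, [r"C:\Tools"], FILES)

if __name__ == "__main__":
    for name, (before, after) in demo().items():
        print(f"{name}: {before} -> {after}")
```

In this model the copy shipped in the application directory resolves the same way with or without the CWD; only the import found nowhere but the CWD changes.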