From: Hendrik Leppkes <h.leppkes@gmail.com>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: Re: [FFmpeg-devel] [PATCH v2] libavformat/vapoursynth: Update to API version 4, load library at runtime
Date: Mon, 22 Jul 2024 15:41:55 +0200
Message-ID: <CA+anqdz6z0SEAA+qfSRunSkyMgcNytaKuSsfLA-CEcGM0auiXQ@mail.gmail.com> (raw)
In-Reply-To: <CALweWgC6j7sree6HkQmP0Y8PHz9i=u7GTLTpZO1OjfQEMpzxmg@mail.gmail.com>
On Mon, Jul 22, 2024 at 2:14 PM Ramiro Polla <ramiro.polla@gmail.com> wrote:
>
> On Mon, Jul 22, 2024 at 12:15 AM Hendrik Leppkes <h.leppkes@gmail.com> wrote:
> > On Mon, Jul 22, 2024 at 12:08 AM Stefan Oltmanns via ffmpeg-devel
> > <ffmpeg-devel@ffmpeg.org> wrote:
> > >
> > > Am 18.07.24 um 17:23 schrieb epirat07@gmail.com:
> > > >
> > > >>>
> > > >>> Well, the DLL directory is added to PATH by the VapourSynth installer,
> > > >>> but for safety reasons ffmpeg explictly tells the LoadLibrary function
> > > >>> to only search the application directory and system32, quote from
> > > >>> w32dlfcn.h:
> > > >>>
> > > >>>> /**
> > > >>>> * Safe function used to open dynamic libs. This attempts to improve program security
> > > >>>> * by removing the current directory from the dll search path. Only dll's found in the
> > > >>>> * executable or system directory are allowed to be loaded.
> > > >>>> * @param name The dynamic lib name.
> > > >>>> * @return A handle to the opened lib.
> > > >>>> */
> > > >>> So ffmpeg prevents that solution on purpose. Or should that behavior be
> > > >>> changed in the w32dlfcn.h?
> > > >>
> > > >> Oh, bummer. I would expect that overriding the PATH environment
> > > >> variable would work kind of like how LD_LIBRARY_PATH works on Linux. I
> > > >> don't know why that was changed. I don't really follow what goes on in
> > > >> Windowsland anymore. Does anyone else care to comment on this? Martin,
> > > >> maybe?
> > > >
> > > > IIRC this is done to prevent DLL injection attacks
> > > >
> > > > https://learn.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-security
> > > >
> > >
> > > So what's your proposal how to continue?
> > >
> > > I see different options with pros&cons:
> > >
> > >
> > > 1.
> > > Read the DLL path from registry, function for that could be located
> > > outside the VapourSynth module.
> > >
> > > Pro: Safest method to protect from DLL-injection
> > > Con: A lot of custom code/functionality for Windows
> > >
> >
> > Relaxing security considerations to avoid a 10 line function seems not
> > worth it to me. So go with actually finding the correct path.
>
> I would prefer changing w32dlfcn.h to allow loading DLLs from PATH.
> Limiting to only the directory of the executable and system32 seems
> too excessive to me. Removing the current working directory is more
> understandable, but it's perfectly fine to expect PATH to be searched.
>
This is common and largely expected DLL loading behavior on Windows.
Changing that to avoid 10 lines of code is rather ill advised.
- Hendrik
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
next prev parent reply other threads:[~2024-07-22 13:42 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-06 21:08 Stefan Oltmanns via ffmpeg-devel
2024-07-18 9:37 ` Stefan Oltmanns via ffmpeg-devel
2024-07-18 11:25 ` Anton Khirnov
2024-07-18 15:38 ` Stefan Oltmanns via ffmpeg-devel
2024-07-22 6:57 ` Anton Khirnov
2024-07-23 0:24 ` Stefan Oltmanns via ffmpeg-devel
2024-07-18 11:08 ` Ramiro Polla
2024-07-18 12:48 ` Stefan Oltmanns via ffmpeg-devel
2024-07-18 13:04 ` Ramiro Polla
2024-07-18 13:41 ` Stefan Oltmanns via ffmpeg-devel
2024-07-18 14:21 ` Ramiro Polla
2024-07-18 14:53 ` Stefan Oltmanns via ffmpeg-devel
2024-07-19 17:05 ` Stephen Hutchinson
2024-07-18 15:23 ` epirat07
2024-07-21 22:08 ` Stefan Oltmanns via ffmpeg-devel
2024-07-21 22:15 ` Hendrik Leppkes
2024-07-22 0:42 ` Stefan Oltmanns via ffmpeg-devel
2024-07-22 6:36 ` Hendrik Leppkes
2024-07-22 12:13 ` Ramiro Polla
2024-07-22 13:41 ` Hendrik Leppkes [this message]
2024-07-22 18:28 ` Ramiro Polla
2024-07-22 13:52 ` Stefan Oltmanns via ffmpeg-devel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CA+anqdz6z0SEAA+qfSRunSkyMgcNytaKuSsfLA-CEcGM0auiXQ@mail.gmail.com \
--to=h.leppkes@gmail.com \
--cc=ffmpeg-devel@ffmpeg.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git