From: Ramiro Polla <ramiro.polla@gmail.com>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: Re: [FFmpeg-devel] [PATCH v2] libavformat/vapoursynth: Update to API version 4, load library at runtime
Date: Mon, 22 Jul 2024 14:13:59 +0200
Message-ID: <CALweWgC6j7sree6HkQmP0Y8PHz9i=u7GTLTpZO1OjfQEMpzxmg@mail.gmail.com> (raw)
In-Reply-To: <CA+anqdyBKeofcbepJ34Z1auNwCYFakdr++j6wp3xB1nK8i7pmw@mail.gmail.com>
On Mon, Jul 22, 2024 at 12:15 AM Hendrik Leppkes <h.leppkes@gmail.com> wrote:
> On Mon, Jul 22, 2024 at 12:08 AM Stefan Oltmanns via ffmpeg-devel
> <ffmpeg-devel@ffmpeg.org> wrote:
> >
> > Am 18.07.24 um 17:23 schrieb epirat07@gmail.com:
> > >
> > >>>
> > >>> Well, the DLL directory is added to PATH by the VapourSynth installer,
> > >>> but for safety reasons ffmpeg explictly tells the LoadLibrary function
> > >>> to only search the application directory and system32, quote from
> > >>> w32dlfcn.h:
> > >>>
> > >>>> /**
> > >>>> * Safe function used to open dynamic libs. This attempts to improve program security
> > >>>> * by removing the current directory from the dll search path. Only dll's found in the
> > >>>> * executable or system directory are allowed to be loaded.
> > >>>> * @param name The dynamic lib name.
> > >>>> * @return A handle to the opened lib.
> > >>>> */
> > >>> So ffmpeg prevents that solution on purpose. Or should that behavior be
> > >>> changed in the w32dlfcn.h?
> > >>
> > >> Oh, bummer. I would expect that overriding the PATH environment
> > >> variable would work kind of like how LD_LIBRARY_PATH works on Linux. I
> > >> don't know why that was changed. I don't really follow what goes on in
> > >> Windowsland anymore. Does anyone else care to comment on this? Martin,
> > >> maybe?
> > >
> > > IIRC this is done to prevent DLL injection attacks
> > >
> > > https://learn.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-security
> > >
> >
> > So what's your proposal how to continue?
> >
> > I see different options with pros&cons:
> >
> >
> > 1.
> > Read the DLL path from registry, function for that could be located
> > outside the VapourSynth module.
> >
> > Pro: Safest method to protect from DLL-injection
> > Con: A lot of custom code/functionality for Windows
> >
>
> Relaxing security considerations to avoid a 10 line function seems not
> worth it to me. So go with actually finding the correct path.
I would prefer changing w32dlfcn.h to allow loading DLLs from PATH.
Limiting to only the directory of the executable and system32 seems
too excessive to me. Removing the current working directory is more
understandable, but it's perfectly fine to expect PATH to be searched.
Also, we don't have such restrictions on other platforms.
(DY)LD_LIBRARY_PATH still work as expected.
Ramiro
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
next prev parent reply other threads:[~2024-07-22 12:14 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-06 21:08 Stefan Oltmanns via ffmpeg-devel
2024-07-18 9:37 ` Stefan Oltmanns via ffmpeg-devel
2024-07-18 11:25 ` Anton Khirnov
2024-07-18 15:38 ` Stefan Oltmanns via ffmpeg-devel
2024-07-22 6:57 ` Anton Khirnov
2024-07-23 0:24 ` Stefan Oltmanns via ffmpeg-devel
2024-07-18 11:08 ` Ramiro Polla
2024-07-18 12:48 ` Stefan Oltmanns via ffmpeg-devel
2024-07-18 13:04 ` Ramiro Polla
2024-07-18 13:41 ` Stefan Oltmanns via ffmpeg-devel
2024-07-18 14:21 ` Ramiro Polla
2024-07-18 14:53 ` Stefan Oltmanns via ffmpeg-devel
2024-07-19 17:05 ` Stephen Hutchinson
2024-07-18 15:23 ` epirat07
2024-07-21 22:08 ` Stefan Oltmanns via ffmpeg-devel
2024-07-21 22:15 ` Hendrik Leppkes
2024-07-22 0:42 ` Stefan Oltmanns via ffmpeg-devel
2024-07-22 6:36 ` Hendrik Leppkes
2024-07-22 12:13 ` Ramiro Polla [this message]
2024-07-22 13:41 ` Hendrik Leppkes
2024-07-22 18:28 ` Ramiro Polla
2024-07-22 13:52 ` Stefan Oltmanns via ffmpeg-devel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CALweWgC6j7sree6HkQmP0Y8PHz9i=u7GTLTpZO1OjfQEMpzxmg@mail.gmail.com' \
--to=ramiro.polla@gmail.com \
--cc=ffmpeg-devel@ffmpeg.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git