[FFmpeg-devel] [PATCH v2] libavformat/vapoursynth: Update to API version 4, load library at runtime

Stefan Oltmanns stefan-oltmanns at gmx.net
Mon Jul 22 01:08:20 EEST 2024


On 18.07.24 at 17:23, epirat07 at gmail.com wrote:
>
>>>
>>> Well, the DLL directory is added to PATH by the VapourSynth installer,
>>> but for safety reasons ffmpeg explicitly tells the LoadLibrary function
>>> to only search the application directory and system32, quote from
>>> w32dlfcn.h:
>>>
>>>> /**
>>>>   * Safe function used to open dynamic libs. This attempts to improve program security
>>>>   * by removing the current directory from the dll search path. Only dll's found in the
>>>>   * executable or system directory are allowed to be loaded.
>>>>   * @param name  The dynamic lib name.
>>>>   * @return A handle to the opened lib.
>>>>   */
>>> So ffmpeg prevents that solution on purpose. Or should that behavior be
>>> changed in the w32dlfcn.h?
>>
>> Oh, bummer. I would expect that overriding the PATH environment
>> variable would work kind of like how LD_LIBRARY_PATH works on Linux. I
>> don't know why that was changed. I don't really follow what goes on in
>> Windowsland anymore. Does anyone else care to comment on this? Martin,
>> maybe?
>
> IIRC this is done to prevent DLL injection attacks
>
> https://learn.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-security
>

So what's your proposal how to continue?

I see different options with pros&cons:


1.
Read the DLL path from registry, function for that could be located
outside the VapourSynth module.

Pro: Safest method to protect from DLL-injection
Con: A lot of custom code/functionality for Windows


2.
Change w32dlfcn.h to allow loading DLLs from PATH

Pro: Minimal code-change, highest similarity between different OSes
Con: Open for DLL-injection attacks the current implementation wants to
prevent.


3.
Allow loading DLLs from PATH with a special flag when calling dlopen.
dlopen has a parameter for flags, we could define a
WIN_ALLOW_LOAD_DLL_FROM_PATH for Windows that will enable load from PATH

Pro: Reduced risk for DLL-injection attack, high similarity between
different OSes
Con: Flag needs to be defined 0 for other OSes, Posix flags need to be
defined 0 for Windows (currently not needed, as the flags are thrown
away by the pre-processor)


Best regards
Stefan
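
One way the opt-in PATH lookup of option 3 could be narrowed, as an added example that is not part of the original mail or of FFmpeg's code: only fully qualified PATH entries are turned into full-path candidates, so nothing resolves against the current directory. The function `path_candidate`, its `allow_path` parameter (standing in for the proposed flag), the acceptance policy and the sample PATH value are assumptions made for this sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Accept only fully qualified drive paths ("C:\dir"). Empty, ".", relative and
 * drive-relative ("C:dir") entries resolve against the current directory, and
 * UNC or quoted entries are outside this demo's policy, so all are skipped. */
static int entry_is_safe(const char *e, size_t len)
{
    return len >= 3 && isalpha((unsigned char)e[0]) && e[1] == ':' &&
           (e[2] == '\\' || e[2] == '/');
}

/* Write the n-th (0-based) accepted candidate "dir\name" into out.
 * allow_path stands in for the hypothetical WIN_ALLOW_LOAD_DLL_FROM_PATH flag.
 * Returns 1 on success, 0 if no such candidate exists or it does not fit. */
int path_candidate(const char *path_env, const char *name, int allow_path,
                   int n, char *out, size_t out_size)
{
    /* The name must be a bare file name: no separators, no drive prefix. */
    if (!allow_path || !path_env || !name || !name[0] || strpbrk(name, "\\/:"))
        return 0;
    for (const char *p = path_env;; p += strcspn(p, ";") + 1) {
        size_t len = strcspn(p, ";");
        if (entry_is_safe(p, len) && n-- == 0) {
            const char *sep = (p[len - 1] == '\\' || p[len - 1] == '/') ? "" : "\\";
            int w = snprintf(out, out_size, "%.*s%s%s", (int)len, p, sep, name);
            return w > 0 && (size_t)w < out_size;
        }
        if (!p[len])
            return 0;
    }
}

int main(void)
{
    /* Constructed PATH value; the empty, ".", relative and UNC entries are skipped. */
    const char *path = ";.;tools\\bin;C:\\apps\\vs\\core;\\\\srv\\share;D:\\vs\\";
    char buf[260];
    for (int i = 0; path_candidate(path, "example.dll", 1, i, buf, sizeof buf); i++)
        puts(buf);
    return 0;
}
```

A candidate that exists on disk would then be handed to the loader as a full path, so the loader performs no directory search of its own for that DLL.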

