Closed
Bug 801853
Opened 12 years ago
Closed 12 years ago
We should call SetDllDirectory("") in our NSIS installers as a precaution
Categories
(Firefox :: Installer, defect)
Tracking
()
RESOLVED
FIXED
mozilla19
People
(Reporter: bbondy, Assigned: bbondy)
References
Details
(Keywords: sec-moderate, Whiteboard: [adv-main19-])
Attachments
(1 file, 2 obsolete files)
6.21 KB,
patch
|
bbondy
:
review+
|
Details | Diff | Splinter Review |
There is no known DLL injection call that would be fixed by calling SetDllDirectory(""), but it would be good practice to do so. SetDllDirectory("") helps only with LoadLibrary calls, so this isn't a blanket fix for all DLL injection attacks to the installer. In particular it doesn't help with implicitly linked DLLs. Leaving as security-sensitive for now in case there is a problem I don't know about. See also bug 792106
Assignee | ||
Comment 1•12 years ago
|
||
Attachment #671835 -
Flags: review?(robert.bugzilla)
Comment 2•12 years ago
|
||
(In reply to Brian R. Bondy [:bbondy] from comment #0) > There is no known DLL injection call that would be fixed by calling > SetDllDirectory(""), but it would be good practice to do so. The problem can come from the OS itself -- Some of the libraries will attempt to load other OS dlls to see if they're there, and have fallback code if they're not (e.g. Vista vs. Win7). This is, basically, where the dwmapi.dll problem comes from, and I'd lay odds that new stuff will be added in Win8 that will thereafter make Win7 and Vista users vulnerable to injections that are not seen today.
Keywords: sec-moderate
Assignee | ||
Comment 3•12 years ago
|
||
Agreed, in these implicitly loaded cases though, SetDllDirectoryW(L"") will not help.
Comment 4•12 years ago
|
||
Comment on attachment 671835 [details] [diff] [review] Path v1 Seems like you should add it to UninstallUnOnInitCommon as well. There is other code that runs before the common macros and I wonder if it wouldn't be better to run it in the associated .oninit, etc.
Attachment #671835 -
Flags: review?(robert.bugzilla)
Assignee | ||
Comment 5•12 years ago
|
||
I think we can just remove the common.nsh changes and let other products port this fix into their own nsi files.
Attachment #671835 -
Attachment is obsolete: true
Attachment #675389 -
Flags: review?(robert.bugzilla)
Comment 6•12 years ago
|
||
Comment on attachment 675389 [details] [diff] [review] Patch v2. (In reply to Brian R. Bondy [:bbondy] from comment #5) > Created attachment 675389 [details] [diff] [review] > Patch v2. > > I think we can just remove the common.nsh changes and let other products > port this fix into their own nsi files. If there is any concern about code running before this call then that would be the better way to go and r=me if you want to go with that instead.
Attachment #675389 -
Flags: review?(robert.bugzilla) → review+
Assignee | ||
Comment 7•12 years ago
|
||
I'm not really concerned but I think that's the best way, so I'll go with the current patch minus common.nsh and r=you. Thanks!
Comment 8•12 years ago
|
||
Not a problem and I hope you have fun for a week without any stub craziness! :)
Assignee | ||
Comment 9•12 years ago
|
||
Same as last patch -common.nsh. Carrying forward r+. (In reply to Robert Strong [:rstrong] (vac 10/26-11/4) (do not email) from comment #8) > Not a problem and I hope you have fun for a week without any stub craziness! > :) fingers crossed :)
Attachment #675389 -
Attachment is obsolete: true
Attachment #675394 -
Flags: review+
Assignee | ||
Comment 10•12 years ago
|
||
http://hg.mozilla.org/integration/mozilla-inbound/rev/fb30db0fa0aa
Target Milestone: --- → mozilla19
Comment 11•12 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/fb30db0fa0aa
Status: NEW → RESOLVED
Closed: 12 years ago
status-firefox19:
--- → fixed
Flags: in-testsuite-
Resolution: --- → FIXED
Updated•12 years ago
|
status-firefox-esr10:
--- → wontfix
status-firefox-esr17:
--- → affected
Comment 12•12 years ago
|
||
This doesn't meet ESR criteria (sec-moderate) so marking wontfix on esr17.
Updated•11 years ago
|
status-b2g18:
--- → affected
Comment 13•11 years ago
|
||
Marking this wontfix for b2g as well as it is sec-moderate. If needed,please nominate(tracking-b2g18) in case this would be more severe for b2g vs ESR to get this landed.
Updated•11 years ago
|
status-firefox18:
--- → affected
Whiteboard: [adv-main19-]
Updated•10 years ago
|
Group: core-security
Updated•8 months ago
|
Component: NSIS Installer → Installer
Product: Toolkit → Firefox
You need to log in
before you can comment on or make changes to this bug.
Description
•