On Tuesday 10 September 2013 10:58:34 Jan Kundrát wrote:
> On Saturday, 7 September 2013 10:15:47 CEST, Pali Rohár wrote:
> > Really, why is it a problem to first try loading plugins from
> > the executable directory?
>
> Security. The idea is that once you include "." (or any
> variant thereof, or even an empty string, which is the same
> for the linker) in the search path for libraries, you now
> give the attacker a trivial way to execute code.
>
> Cheers,
> Jan

It is not the current working directory, but the directory where the application is stored. And I can use the same "security" argument for any path (relative or full) which depends on the system (like the application install directory or the application plugin directory). An attacker can store his code in the plugin directory path and the application will execute it.

Your argument makes sense for the current working directory (from which the application is started), which can be changed by an attacker, but not for the directory where the application is stored, which an attacker cannot change by starting that application with some flags/commands/settings.

-- 
Pali Rohár
pali.ro...@gmail.com
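
The two concerns raised in this thread, as an added example that is not part of either message and not code from the project being discussed: a POSIX check that rejects search paths resolved against the current working directory (empty string, ".", any relative path) and also rejects a fixed directory that other users can write to. The names `check_plugin_dir` and `dir_verdict` are hypothetical, and the check looks only at the directory itself, not at its parent directories.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical names; constructed for this example. */
enum dir_verdict {
    DIR_OK = 0,
    DIR_RELATIVE,      /* "", "." or "plugins": resolved against the cwd */
    DIR_MISSING,       /* does not exist or is not a directory */
    DIR_FOREIGN_OWNER, /* owned by neither root nor the effective user */
    DIR_WRITABLE       /* group- or world-writable */
};

/* Decide whether a candidate plugin search path may be used.
 * Only the directory itself is examined, not its ancestors. */
enum dir_verdict check_plugin_dir(const char *path)
{
    struct stat st;

    /* Anything not absolute depends on where the process was started. */
    if (path == NULL || path[0] != '/')
        return DIR_RELATIVE;
    if (stat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return DIR_MISSING;
    /* A fixed location is only as trustworthy as whoever can write to it. */
    if (st.st_uid != 0 && st.st_uid != geteuid())
        return DIR_FOREIGN_OWNER;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return DIR_WRITABLE;
    return DIR_OK;
}

int main(int argc, char **argv)
{
    static const char *names[] = { "ok", "relative (cwd-dependent)",
        "missing", "foreign owner", "group/world-writable" };
    int i, bad = 0;

    for (i = 1; i < argc; i++) {
        enum dir_verdict v = check_plugin_dir(argv[i]);
        printf("%-30s %s\n", argv[i], names[v]);
        bad |= (v != DIR_OK);
    }
    return bad;
}
```

Pass candidate directories as arguments; the exit status is non-zero if any of them should be dropped from the search path.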