emacs-devel

Re: Emacs master, security concerns, ms-windows


From: Andy Moreton
Subject: Re: Emacs master, security concerns, ms-windows
Date: Thu, 14 Sep 2017 15:13:39 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2.50 (windows-nt)

On Thu 14 Sep 2017, Fabrice Popineau wrote:

> Since there seem to be a lot of concerns wrt security,
> I am submitting the attached patch.
>
> The reason for this patch is to limit the search for dlls loaded at
> runtime to the win32 system directory and/or the emacs application
> directory.
> In the current state, dlls can be picked up in any directory in the path.
> Someone could fake one of these dlls (xpm, png, etc.) and use it for
> mean reasons.
> It is not bulletproof, but it levels up security and
> many other projects have applied such a restriction.

Restricting the path used to locate DLLs is reasonable, but this is too
strict.

For an emacs built from source and run from the build tree (i.e. not
installed), this requires copying all of the distro DLLs to the emacs
build directory, and keeping them up to date.

Also note that the patch uses LOAD_LIBRARY_SEARCH_* flags, which won't
work at all on Windows XP, or on newer Windows versions that do not have
the correct updates installed. See:

Dynamic-Link Library Security:
https://msdn.microsoft.com/en-us/library/windows/desktop/ff919712(v=vs.85).aspx

Dynamic-Link Library Search Order:
https://msdn.microsoft.com/en-us/library/windows/desktop/ms682586(v=vs.85).aspx

LoadLibraryEx:
https://msdn.microsoft.com/en-us/library/windows/desktop/ms684179(v=vs.85).aspx

    AndyM
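
Added example, not part of the original message, the patch under discussion, or Emacs: a loader that uses the LOAD_LIBRARY_SEARCH_* flags only where kernel32 exports AddDllDirectory (the probe the LoadLibraryEx documentation describes) and otherwise loads by absolute path from the application and system directories. The names build_dll_path and load_dll_restricted are hypothetical.

```c
/* Added example, not Emacs code. Function names here are hypothetical. */
#include <stdio.h>
#include <string.h>
/* Hypothetical helper: write "<dir>\<name>" to out. Returns -1 unless name is
   a bare file name (no separator or drive spec) and the result fits. */
int build_dll_path(const char *dir, const char *name, char *out, size_t outsz)
{
    size_t dlen = strlen(dir);
    int n;
    if (dlen == 0 || name[0] == '\0' || strpbrk(name, "\\/:") != NULL)
        return -1;
    n = snprintf(out, outsz, "%s%s%s", dir,
                 dir[dlen - 1] == '\\' ? "" : "\\", name);
    return (n < 0 || (size_t) n >= outsz) ? -1 : 0;
}

#ifdef _WIN32
#include <windows.h>
#ifndef LOAD_LIBRARY_SEARCH_APPLICATION_DIR  /* older SDK headers */
#define LOAD_LIBRARY_SEARCH_APPLICATION_DIR 0x00000200
#define LOAD_LIBRARY_SEARCH_SYSTEM32        0x00000800
#endif
/* Hypothetical wrapper: load NAME from the application or system directory. */
HMODULE load_dll_restricted(const char *name)
{
    char dir[MAX_PATH], path[MAX_PATH], *slash;
    HMODULE h, k32 = GetModuleHandleA("kernel32.dll");
    DWORD n;
    if (name[0] == '\0' || strpbrk(name, "\\/:") != NULL)
        return NULL;
    /* The flags are usable only where kernel32 exports AddDllDirectory. */
    if (k32 != NULL && GetProcAddress(k32, "AddDllDirectory") != NULL)
        return LoadLibraryExA(name, NULL, LOAD_LIBRARY_SEARCH_APPLICATION_DIR
                                          | LOAD_LIBRARY_SEARCH_SYSTEM32);
    /* Fallback (XP, unpatched systems): absolute paths only. The loaded
       DLL's own dependencies still use the standard search order here. */
    n = GetModuleFileNameA(NULL, dir, sizeof dir);
    if (n > 0 && n < sizeof dir && (slash = strrchr(dir, '\\')) != NULL) {
        *slash = '\0';
        if (build_dll_path(dir, name, path, sizeof path) == 0
            && (h = LoadLibraryA(path)) != NULL)
            return h;
    }
    n = GetSystemDirectoryA(dir, sizeof dir);
    if (n > 0 && n < sizeof dir && build_dll_path(dir, name, path, sizeof path) == 0)
        return LoadLibraryA(path);
    return NULL;
}
#endif
```

The Windows-only part compiles with MSVC or MinGW; the path helper is portable C.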



