syscall: modest improvement to Windows DLL-preloading protection #29335
Labels
compiler/runtime
Issues related to the Go compiler and/or runtime.
NeedsDecision
Feedback is required from experts, contributors, and/or the community before a change can be made.
OS-Windows
Security
Milestone
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
yes
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
I'm looking into protecting my project from DLL-preloading attacks. Many of the vendored libraries I use use the syscall/windows LoadDLL call rather than the safer x/sys/windows LazySystemDLL method.
I note that syscall/windows LoadDLL has some limited protection for a preset list of system DLLs via sysdll.IsSystemDLL . However this is case-sensitive, when LoadLibrary etc. are case insensitive. Therefore:
windows.LoadDLL("advapi32.dll")
is protected butwindows.LoadDLL("Advapi32.dll")
is notA simple tweak would be to string.ToUpper in sysdll.Add and string.ToUpper in the check in LoadDLL
The text was updated successfully, but these errors were encountered: