Skip to content

Native DLLs: only load imported DLLs from System32 #112359

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 12, 2025
Merged

Native DLLs: only load imported DLLs from System32 #112359

merged 1 commit into from
Feb 12, 2025

Conversation

@AustinWise
Copy link
Contributor

@AustinWise AustinWise commented Feb 10, 2025
edited
Loading

By using the /DEPENDENTLOADFLAG link.exe flag, we can tell the Windows loader to only look for referenced DLLs in the System32 directory. This prevents DLL injection, like #87495 fixed in 2023. This is a defense-in-depth change; it does not solve any known security problem.

This PR is a new version of #89311 which was merged in 2023 but reverted by #95540 shortly after. The reason the original PR was reverted is that link.exe did not support changing /DEPENDENTLOADFLAG when consuming PGO data ( internal Microsoft issue link ). It appears that issue has been fixed in the version of link.exe used to build .NET.

@ghost ghost added the needs-area-label An area label is needed to ensure this gets routed to the appropriate area owners label Feb 10, 2025
@dotnet-policy-service dotnet-policy-service bot added the community-contribution Indicates that the PR has been added by a community member label Feb 10, 2025
This was referenced Feb 10, 2025
Open
Open
Open
Open
Closed
Open
Closed
@AustinWise AustinWise marked this pull request as ready for review February 11, 2025 01:47
@jkotas jkotas added area-Infrastructure-coreclr and removed needs-area-label An area label is needed to ensure this gets routed to the appropriate area owners labels Feb 12, 2025
jkotas
jkotas approved these changes Feb 12, 2025
View reviewed changes
Copy link
Member

@jkotas jkotas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

@jkotas jkotas merged commit bc72823 into dotnet:main Feb 12, 2025
150 of 154 checks passed
@dotnet-policy-service
Copy link
Contributor

Tagging subscribers to this area: @hoyosjs
See info in area-owners.md if you want to be subscribed.

grendello added a commit to grendello/runtime that referenced this pull request Feb 12, 2025
@grendello
Merge branch 'main' into dev/grendel/android-clr-host-local
21f8a18 
* main:
  [Android] Run CoreCLR functional tests on Android (dotnet#112283)
  [LoongArch64] Fix some assertion failures for Debug ILC building Debug NativeAOT testcases. (dotnet#112229)
  Fix suspicious code fragments (dotnet#112384)
  `__ComObject` doesn't support dynamic interface map (dotnet#112375)
  Native DLLs: only load imported DLLs from System32 (dotnet#112359)
  [main] Update dependencies from dotnet/roslyn (dotnet#112314)
  Update SVE instructions that writes to GC regs (dotnet#112389)
  Bring up android+coreclr windows build.  (dotnet#112256)
  Never use heap for return buffers (dotnet#112060)
  Wait to complete the test before releasing the agile reference. (dotnet#112387)
  Prevent returning disposed HTTP/1.1 connections to the pool (dotnet#112383)
  Fingerprint dotnet.js if writing import map to html is enabled (dotnet#112407)
  Remove duplicate definition of CORECLR_HOSTING_API_LINKAGE (dotnet#112096)
  Update the exception message to reflect current behavior. (dotnet#112355)
  Use enum for frametype not v table (dotnet#112166)
  Enable AltJits build for LoongArch64 and RiscV64 (dotnet#110282)
  Guard members of MonoType union & fix related bugs (dotnet#111645)
  Add optional hooks for debugging OpenSSL memory allocations (dotnet#111539)
  JIT: Optimize struct parameter register accesses in the backend (dotnet#110819)
  NativeAOT: Cover more opcodes in type preinitializer (dotnet#112073)
@AustinWise AustinWise deleted the austin/DllLoading branch February 12, 2025 17:40
@jkotas jkotas mentioned this pull request Feb 27, 2025
Merged
@AustinWise AustinWise mentioned this pull request Mar 5, 2025
Closed
@github-actions github-actions bot locked and limited conversation to collaborators Mar 15, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@jkotas jkotas jkotas approved these changes

Assignees

No one assigned

Labels

area-Infrastructure-coreclr community-contribution Indicates that the PR has been added by a community member

Projects

Runtime Infra
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@AustinWise @jkotas