Skip to content

Commit

Permalink
Set DependentLoadFlags for Mozc executables in Windows
Browse files Browse the repository at this point in the history
Unlike explicit DLL linking scenario where a DLL is explicitly loaded
with LoadLibrary API, which especially accepts a full path, implicit DLL
linking relies only on a DLL filename (without directory name) and is
known to be vulnerable to so-called DLL planting attack.

To mitigate the above risk, Windows 10 ver. 1607 started recognizing the
following DWORD entry in the PE file [1] as LOAD_LIBRARY_SEARCH_* flags
when implicitly linking DLLs.

 IMAGE_LOAD_CONFIG_DIRECTORY64::DependentLoadFlags [2]
 IMAGE_LOAD_CONFIG_DIRECTORY64::DependentLoadFlags [3]

For example, by setting LOAD_LIBRARY_SEARCH_SYSTEM32 only, we can
tell the system to search "user32.dll" only from the system32 directory.

For Mozc's case, most of what flags can be set differs between *.exe
and *.dll.

For *.exe files, they need to have not only LOAD_LIBRARY_SEARCH_SYSTEM32
but also LOAD_LIBRARY_SEARCH_APPLICATION_DIR so that these *.exe files
can link to Visual C++ runtime DLLs that are installed in the same
directory.

*.dll files, however, are always statically linked to Visual C++ runtime
libraries thus only LOAD_LIBRARY_SEARCH_SYSTEM32 is necessary.

This commit adds '/DEPENDENTLOADFLAG' linker option to achieve the above
settings.

This is an optional security enforcement.  There must be no user
observable behavior change.

Closes #836.

 [1]: https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#file-headers
 [2]: https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-image_load_config_directory32
 [3]: https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-image_load_config_directory64

PiperOrigin-RevId: 576767635
  • Loading branch information
yukawa authored and hiroyuki-komatsu committed Oct 26, 2023
1 parent 1d4c6bf commit 18d1bca
Showing 1 changed file with 16 additions and 1 deletion.
17 changes: 16 additions & 1 deletion src/gyp/common_win.gypi
Original file line number Diff line number Diff line change
Expand Up @@ -385,9 +385,24 @@
'OptimizeReferences': '2', # /OPT:REF
'RandomizedBaseAddress': '2', # /DYNAMICBASE
'target_conditions': [
# /TSAWARE is valid only on executable target.
['_type=="executable"', {
# /TSAWARE is valid only on executable target.
'TerminalServerAware': '2', # /TSAWARE
'AdditionalOptions': [
# We build *.exe with dynamic CRT and deploy CRT DLLs into the
# application dir. Thus LOAD_LIBRARY_SEARCH_APPLICATION_DIR is
# also necessary.
# 0x200: LOAD_LIBRARY_SEARCH_APPLICATION_DIR
# 0x800: LOAD_LIBRARY_SEARCH_SYSTEM32
'/DEPENDENTLOADFLAG:0xA00',
],
}, '_type=="shared_library"', {
'AdditionalOptions': [
# We build *.dll with staticd CRT. Thus
# LOAD_LIBRARY_SEARCH_APPLICATION_DIR is not necessary.
# 0x800: LOAD_LIBRARY_SEARCH_SYSTEM32
'/DEPENDENTLOADFLAG:0x800',
],
}],
],
},
Expand Down

0 comments on commit 18d1bca

Please sign in to comment.