Commit
Set DependentLoadFlags for Mozc executables in Windows
Unlike explicit DLL linking scenario where a DLL is explicitly loaded with LoadLibrary API, which especially accepts a full path, implicit DLL linking relies only on a DLL filename (without directory name) and is known to be vulnerable to so-called DLL planting attack.

To mitigate the above risk, Windows 10 ver. 1607 started recognizing the following DWORD entry in the PE file [1] as LOAD_LIBRARY_SEARCH_* flags when implicitly linking DLLs.

  IMAGE_LOAD_CONFIG_DIRECTORY64::DependentLoadFlags [2]
  IMAGE_LOAD_CONFIG_DIRECTORY64::DependentLoadFlags [3]

For example, by setting LOAD_LIBRARY_SEARCH_SYSTEM32 only, we can tell the system to search "user32.dll" only from the system32 directory.

For Mozc's case, most of what flags can be set differs between *.exe and *.dll. For *.exe files, they need to have not only LOAD_LIBRARY_SEARCH_SYSTEM32 but also LOAD_LIBRARY_SEARCH_APPLICATION_DIR so that these *.exe files can link to Visual C++ runtime DLLs that are installed in the same directory. *.dll files, however, are always statically linked to Visual C++ runtime libraries thus only LOAD_LIBRARY_SEARCH_SYSTEM32 is necessary.

This commit adds '/DEPENDENTLOADFLAG' linker option to achieve the above settings.

This is an optional security enforcement. There must be no user observable behavior change.

Closes #836.

[1]: https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#file-headers
[2]: https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-image_load_config_directory32
[3]: https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-image_load_config_directory64

PiperOrigin-RevId: 576767635
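A post-build check for the setting described in the commit message above, as an added example that is not part of the Mozc commit: it reads DependentLoadFlags out of a PE image's load configuration directory and compares it with the stated policy for *.exe and *.dll files. The function names and the images produced by `build_sample` are constructed for illustration; the offsets follow the IMAGE_LOAD_CONFIG_DIRECTORY32/64 layouts.

```python
import struct

APPLICATION_DIR, SYSTEM32 = 0x0200, 0x0800  # LOAD_LIBRARY_SEARCH_* values
# Optional-header magic -> (data directory offset, DependentLoadFlags offset
# inside IMAGE_LOAD_CONFIG_DIRECTORY32 / IMAGE_LOAD_CONFIG_DIRECTORY64)
LAYOUT = {0x10B: (96, 54), 0x20B: (112, 78)}

def dependent_load_flags(pe):
    """Return DependentLoadFlags from a PE image, or None if it has none."""
    pe_off, = struct.unpack_from("<I", pe, 0x3C)
    if pe[:2] != b"MZ" or pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    n_sect, = struct.unpack_from("<H", pe, pe_off + 6)
    opt_size, = struct.unpack_from("<H", pe, pe_off + 20)
    opt = pe_off + 24
    dirs, flag_off = LAYOUT[struct.unpack_from("<H", pe, opt)[0]]
    if struct.unpack_from("<I", pe, opt + dirs - 4)[0] <= 10:
        return None                      # no load config directory slot
    rva, = struct.unpack_from("<I", pe, opt + dirs + 10 * 8)
    for i in range(n_sect):              # map the RVA to a file offset
        vsize, vaddr, rsize, rptr = struct.unpack_from(
            "<4I", pe, opt + opt_size + 40 * i + 8)
        if rva and vaddr <= rva < vaddr + max(vsize, rsize):
            cfg = rptr + rva - vaddr
            if struct.unpack_from("<I", pe, cfg)[0] < flag_off + 2:
                return None              # structure predates the field
            return struct.unpack_from("<H", pe, cfg + flag_off)[0]
    return None

def meets_policy(pe, is_exe):
    """Commit's policy: SYSTEM32 for *.dll, plus APPLICATION_DIR for *.exe."""
    want = SYSTEM32 | (APPLICATION_DIR if is_exe else 0)
    return dependent_load_flags(pe) == want

def build_sample(magic, flags):
    """Constructed PE-shaped buffer (headers, one section) for the demo."""
    dirs, flag_off = LAYOUT[magic]
    opt, opt_size, img = 0x58, dirs + 16 * 8, bytearray(0x400)
    img[:2], img[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x40)           # e_lfanew
    struct.pack_into("<H", img, 0x46, 1)              # NumberOfSections
    struct.pack_into("<H", img, 0x54, opt_size)       # SizeOfOptionalHeader
    struct.pack_into("<H", img, opt, magic)
    struct.pack_into("<I", img, opt + dirs - 4, 16)   # NumberOfRvaAndSizes
    struct.pack_into("<I", img, opt + dirs + 80, 0x1000)  # load config RVA
    struct.pack_into("<4I", img, opt + opt_size + 8, 0x100, 0x1000, 0x100, 0x300)
    struct.pack_into("<I", img, 0x300, 0x100)         # load config Size
    struct.pack_into("<H", img, 0x300 + flag_off, flags)
    return bytes(img)
```

Against real build outputs, pass the file's bytes to `meets_policy` in place of the `build_sample` buffer; a `None` from `dependent_load_flags` means the image carries no DependentLoadFlags field at all.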