Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RFC: win,dl: remove cwd from dlopen search path #3857

Open
wants to merge 1 commit into
base: v1.x
Choose a base branch
from
Open

RFC: win,dl: remove cwd from dlopen search path #3857

wants to merge 1 commit into from

Conversation

vtjnash
Copy link
Member

@vtjnash vtjnash commented Dec 12, 2022

SafeSearch (enabled by default) already moves this near the end of the search list. This flag (added in Windows 8) removes it entirely. This may enhance security of applications that depend on libuv, at the high risk of breaking applications that expected to be able to open libraries by a relative path without a path separator (e.g. just the file name).

I recommend against this, since it would deviate from the behavior of other systems, but opened this for comments, since cpython appear to have recently decided that this was a good idea: python/cpython@2438cdf#diff-cd9132e5234678864807ae34a75c5d4d6b894b31c327a4d3620fbd0c37eec16e

@vtjnash
win,dl: remove cwd from dlopen search path
6db87d6 
SafeSearch (enabled by default) already moves this near the end of the
search list. This flag (added in Windows 8) removes it entirely. This
may enhance security of applications that depend on libuv, at the high
risk of breaking applications that expected to be able to open
libraries by a relative path without a path separator (e.g. just the
file name).
@vtjnash vtjnash changed the title win,dl: remove cwd from dlopen search path RFC: win,dl: remove cwd from dlopen search path Dec 12, 2022
@vtjnash
Copy link
Member Author

vtjnash commented Dec 12, 2022

D:\a\libuv\libuv\src\win\dl.c(44,73): error C2065: 'LOAD_LIBRARY_SAFE_CURRENT_DIRS': undeclared identifier

The build is currently having issues with this, since the header is gated on NTDDI_VERSION >= NTDDI_WIN10_RS1, and it is unclear if it was added then or documented then

But however, in further research, I realized that this flag would enable the default behavior of linux and mac (if restrictions are enabled for the process https://developer.apple.com/forums/thread/706437). Therefore I withdraw my recommendation against this, and instead do recommend consideration of this change.

@vtjnash vtjnash mentioned this pull request Dec 12, 2022
Open
bnoordhuis
bnoordhuis approved these changes Dec 14, 2022
View reviewed changes
Copy link
Member

@bnoordhuis bnoordhuis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems like a good change but I'm curious: would this break require('addon.node') in node? I assume it doesn't because node turns it into an absolute path first.

(A .node file is a DLL with a different file extension.)

@vtjnash
Copy link
Member Author

vtjnash commented Dec 15, 2022

linux does not have cwd in the dlopen lookup, so unless node is doing something special for windows, it seems unlikely to make a difference to that

@bnoordhuis
Copy link
Member

FWIW, still seems like a good change to me.

@vtjnash
Copy link
Member Author

vtjnash commented Jan 21, 2023

It appears the main challenge will be that it was added only 7 years ago, in the first anniversary update to Windows 10 https://en.wikipedia.org/wiki/Windows_10_version_1607

bnoordhuis
bnoordhuis reviewed Jan 5, 2024
View reviewed changes
src/win/dl.c
@@ -40,7 +41,8 @@ int uv_dlopen(const char* filename, uv_lib_t* lib) {
return uv__dlerror(lib, filename, GetLastError());
}

lib->handle = LoadLibraryExW(filename_w, NULL, LOAD_WITH_ALTERED_SEARCH_PATH);
flags = LOAD_WITH_ALTERED_SEARCH_PATH | LOAD_LIBRARY_SAFE_CURRENT_DIRS;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
flags = LOAD_WITH_ALTERED_SEARCH_PATH | LOAD_LIBRARY_SAFE_CURRENT_DIRS;
flags = LOAD_WITH_ALTERED_SEARCH_PATH | /*LOAD_LIBRARY_SAFE_CURRENT_DIRS*/0x2000;

And retry without the flag if LoadLibraryEx fails with (I assume) ERROR_INVALID_PARAMETER or ERROR_INVALID_FLAGS?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bnoordhuis bnoordhuis bnoordhuis approved these changes

@santigimeno santigimeno santigimeno approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@vtjnash @bnoordhuis @santigimeno