 rcdaileyDragoonflyPremium join:2005-03-29 Rialto, CA | reply to w8sdz
Re: Insecure Loading of Dynamic Link Libraries in Google Chrome

You seem to have discovered what I found, but I wonder about that "-1" that OZO mentioned. Looking at the file explaining the patch, it seems to me that a "-1" value for the dword would cause Windows to use the default search path, because a "-1" would be "no key or other values" as explained in the document. Anyway, 0xFFFFFFFF does appear to remove the CWD from the search path, but that must mean that Chrome uses the CWD as a place to put a copy of avutil-50.dll.

-- Human nature abhors an empty closet.

 w8sdz join:2001-05-21 Port Orange, FL

said by rcdailey:
You seem to have discovered what I found, but I wonder about that "-1" that OZO mentioned.

I should have been more explicit. I used 0xFFFFFFFF, not -1.

said by rcdailey:
0xFFFFFFFF does appear to remove the CWD from the search path, but that must mean that Chrome uses the CWD as a place to put a copy of avutil-50.dll.

I agree. It means that Chrome did not adhere to Microsoft's documentation on how to safely load DLLs.

-- 73 de w8sdz - sip:271752@us.voxalot.com

 rcdaileyDragoonflyPremium join:2005-03-29 Rialto, CA

The other thing this taught me is that if I want the patch to work, I have to put it into each user account separately. I'm thinking about putting it into the Administrator account, too.

Well, I checked the Administrator account in Safe mode and the Dword value was already there, probably because I had entered it in the other administrator account that I use. Ain't the registry wonderful?

-- Human nature abhors an empty closet.