renun/Sunshine
1
0
Fork 0
mirror of https://github.com/LizardByte/Sunshine.git synced 2025-08-10 00:52:16 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat(security/windows): Add defense-in-depth measure for insecure system PATH configuration (#3971)

Browse Source 
feature(security/windows): Add defense-in-depth measure for insecure system PATH configuration

If an administrator has configured their system insecurely by adding a
user-writeable path to the system-wide PATH variable, this can cause
apps running as admin to load DLLs planted in this directory.

While the root cause is clearly the misconfigured system, we can reduce
Sunshine's exposure to this by asking Windows not to search the PATH.

https://devblogs.microsoft.com/oldnewthing/20200420-00/?p=103685
This commit is contained in:
Cameron Gutman
2025-06-12 22:11:03 -05:00
committed by GitHub
parent 1e082ab790
commit 9db11a9061
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/main.cpp
View File

@@ -95,6 +95,10 @@ int main(int argc, char *argv[]) {
task_pool_util::TaskPool::task_id_t force_shutdown = nullptr;
#ifdef _WIN32
// Avoid searching the PATH in case a user has configured their system insecurely
// by placing a user-writable directory in the system-wide PATH variable.
SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_APPLICATION_DIR | LOAD_LIBRARY_SEARCH_SYSTEM32);
setlocale(LC_ALL, "C");
#endif