IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Windows vX.X Forum / Win 2003 to move Hell slightly to the right
Post #117,851
by FuManChu
Picture of FuManChu
9/15/03 12:40:02 PM
Reply
New Win 2003 to move Hell slightly to the right
DLL Hell, that is:

DLL Search Order Has Changed


No longer is the current directory searched first when loading DLLs! This change was also made in Windows XP SP1. The default behavior now is to look in all the system locations first, then the current directory, and finally any user-defined paths. This will have an impact on your code if you install a DLL in the application's directory because Windows Server 2003 no longer loads the 'local' DLL if a DLL of the same name is in the system directory. A common example is if an application won't run with a specific version of a DLL, an older version is installed that does work in the application directory. This scenario will fail in Windows Server 2003.

The reason this change was made was to mitigate some kinds of trojaning attacks. An attacker may be able to sneak a bad DLL into your application directory or a directory that has files associated with your application. The DLL search order change removes this attack vector.

The SetDllDirectory function, also available in Windows XP SP1, modifies the search path used to locate DLLs for the application and affects all subsequent calls to the LoadLibrary and LoadLibraryEx functions by the application.


from [link|http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure06122003.asp|http://msdn.microsof...ecure06122003.asp]

I can't wait for the vendor wars over system directory turf.
"There's a set of rules that anything that was in the world when you were born is normal and natural. Anything invented between when you were 15 and 35 is new and revolutionary and exciting, and you'll probably get a career in it. Anything invented after you're 35 is against the natural order of things."

Douglas Adams
Post #117,853
by folkert
Picture of folkert
9/15/03 1:08:29 PM
Reply
New Ahhh, let's build it...
Microsoft will bring the hookers and liquor...

As Bender would say... In Fact forget the Windows 2003 server.
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey

On ward...
Post #117,855
by drewk
Picture of drewk
9/15/03 1:12:14 PM
Reply
New Unintended(?) consequences
Wouldn't that mean that if you want to install something that requires updating a DLL you'll have to have permission to overwrite the one in the system directory? So to still be able to install software as easily as people are used to, you will have to agree to overwrite system files and reboot after many more installs than you currently have to.

People will become accustomed to clicking 'Yes' when asked if they'd like to overwrite important system files. Worse security instead of better.
===

Implicitly condoning stupidity since 2001.
     Win 2003 to move Hell slightly to the right - (FuManChu) - (2) - Sept. 15, 2003, 12:40:02 PM EDT
         Ahhh, let's build it... - (folkert) - Sept. 15, 2003, 01:08:29 PM EDT
         Unintended(?) consequences - (drewk) - Sept. 15, 2003, 01:12:14 PM EDT

Absorbant and yellow and porous are we!
35 ms