[ros-dev] [ros-diffs] [cfinck] 33571: Check if the GetWindowsDirectory call succeeded and use PathAppend to prevent a buffer overflow, when WinDir + "\regedit.exe" > MAX_PATH

Alex Ionescu ionucu at videotron.ca
Mon May 19 10:11:09 CEST 2008


If GetWindowsDirectory fails, you have much worse issues to worry
about than executable redirection.

Also note that regedt32.exe is usually in the system32 directory, so
how is this a security/redirection issue exactly?

This implies someone would have to:

1) Give you a malware regedit.exe in directory foo
2) Give you the legitimate regedt32.exe in directory foo
3) Somehow convince you to:
3.1) Use regedt32 instead of regedit (few people even know this tool)
3.2) Launch regedt32 from this "foo" directory instead of using
start/run regedt32

The issue you're looking for just doesn't exist.

2008/5/19 FENG Yu Ning <fengyuning1984 at gmail.com>:
> On Sun, May 18, 2008 at 7:28 PM, Alex Ionescu <ionucu at videotron.ca> wrote:
>>
>> Last nitpick: if you can't get the windows directory, just
>> ShellExecute "regedit.exe" directly, as the code originally did --
>> this is the behavior on Windows, fyi.
>>
>
> Though it is the behavior on Windows, it is a bad thing, IMHO. There are
> already too many little viruses who pretend to be a system executable, say,
> explorer.exe, and they are placed in a (sub)directory of the windows
> directory to be shell executed. If we can't get the windows direcoty, we
> should let the user know, and give them the chance to fix it, instead of
> blindly execute anything.
> I used to suffer from those, and they were really annoying. Please consider
> being different from Windows in this and similar issues.
> MHO.
>
> _______________________________________________
> Ros-dev mailing list
> Ros-dev at reactos.org
> http://www.reactos.org/mailman/listinfo/ros-dev
>
>



--
Best regards,
Alex Ionescu



-- 
Best regards,
Alex Ionescu


More information about the Ros-dev mailing list