1. 05 Apr, 2016 4 commits
  2. 04 Apr, 2016 16 commits
  3. 03 Apr, 2016 12 commits
  4. 02 Apr, 2016 7 commits
  5. 01 Apr, 2016 1 commit
    • Brad Fitzpatrick's avatar
      runtime, syscall: only search for Windows DLLs in the System32 directory · 683448a3
      Brad Fitzpatrick authored
      Make sure that for any DLL that Go uses itself, we only look for the
      DLL in the Windows System32 directory, guarding against DLL preloading
      attacks.
      
      (Unless the Windows version is ancient and LoadLibraryEx is
      unavailable, in which case the user probably has bigger security
      problems anyway.)
      
      This does not change the behavior of syscall.LoadLibrary or NewLazyDLL
      if the DLL name is something unused by Go itself.
      
      This change also intentionally does not add any new API surface. Instead,
      x/sys is updated with a LoadLibraryEx function and LazyDLL.Flags in:
          https://golang.org/cl/21388
      
      Updates #14959
      
      Change-Id: I8d29200559cc19edf8dcf41dbdd39a389cd6aeb9
      Reviewed-on: https://go-review.googlesource.com/21140Reviewed-by: default avatarRuss Cox <rsc@golang.org>
      Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
      TryBot-Result: Gobot Gobot <gobot@golang.org>
      683448a3