On Sun, Dec 19, 2010 at 14:06, Craig Ringer <craig@postnewspapers.com.au> wrote:
> On 19/12/2010 8:05 PM, Magnus Hagander wrote:
>
>> Actually, looking through it again just before commit, I can't help
>> but think the whole code about loading the DLL from different places
>> is unnecessary. The windows DLL search order *always* has the
>> directory of the EXE first, followed by either system dirs or CWD
>> depending on version.
>>
>> Any reason not to just call LoadLibrary once?
>
> Good point. The program directory was added to the DLL search path with
> Windows XP. On any Windows version that Pg targets you can trust Windows to
> load a DLL from the app dir before system32. We don't really care about
> win2k/nt4 or 9x, where this is necessary.
>
> It's not a security concern for the reasons already outlined in the comments
> in the patch - in brief, because Pg keeps the cwd inside the datadir, and if
> someone can write malicious files in there you have big problems already. If
> it was a security concern our fallback would be an attempt to load
> %WINDIR%\system32\dbghelp.dll by full path, rather than using an unqualified
> name to search the path.
>
> So: I agree. We should just let Windows find dbghelp.dll on the normal
> search path; building an explicit path isn't necessary.
I've committed the version that does this.
Thanks!
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/