A SLAHP in the face of DLL Search Order Hijacking
Abstract
DLL Search Order Hijacking (also known as DLL Hijacking or DLL planting) is a problem that is generally overlooked by software developers even though its existence has been known for over a decade. While Microsoft has designed and implemented mitigations to reduce the feasibility and the impact of DLL Search Order Hijacking, this issue is worth being brought back up due to the recent adoption of user-writable directories as potential, and sometimes default, software installation paths (in lieu of directories like "Program Files" which require administration privileges by default) in order to improve installation success rates. We conducted a study on 48 different software programs (Top software on Sourceforge across 4 different categories and the 4 major web browsers) and found that more than 88% of them were vulnerable to some form of DLL Search Order Hijacking. To alleviate this issue, we propose SLAHP, a novel way of preventing DLL Search Order Hijacking exploitation in the form of a proof-of-concept implementation that is both easy to integrate with new and existing products by software developers and users. It is invisible to end users while still allowing the usage of previously insecure installation locations. To further demonstrate the usability of our solution, we conducted performance tests and found that its impact is mostly negligible.
Origin | Files produced by the author(s) |
---|---|
licence |