forked from joejulian/gio
d2db4f68751d8b9cb273963f03bcf821f5add358
In order to avoid DLL preloading attacks, we should be careful about where we load DLLs from. These packages load graphics DLLs, which may be provided by the OS, by a graphics vendor, or even by individual applications. As such, we can't restrict loading them to just system32-provided paths. Instead, we invoke LoadLibraryEx [0] with the LOAD_LIBRARY_SEARCH_DEFAULT_DIRS path, which will search system32, application-defined paths, and the path of the primary application executable. This mode ignores the system %PATH% variable, which dramatically reduces the attack surface of malicious or unintended DLLs.

Applications may add custom paths to the search list by calling the standard Windows AddDllDirectory function [1] prior to attempting to initialize GL.

Thanks to Mohsen Mirzakhani and Utkarsh Satya Prakash for bringing this to our attention.

[0] https://learn.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibraryexa
[1] https://learn.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-adddlldirectory

Signed-off-by: Chris Waldon <christopher.waldon.dev@gmail.com>
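The effect described in the commit message above, as an added example that is not code from the Gio repository: a simplified Go model of the legacy search order and of the LOAD_LIBRARY_SEARCH_DEFAULT_DIRS order, run against a constructed directory tree rather than calling LoadLibraryEx. `SearchEnv`, `Audit`, the directory names and `example_gl.dll` are hypothetical, and the legacy order here omits the Windows and 16-bit system directories.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// SearchEnv is a simplified, constructed model of the inputs to the DLL search.
type SearchEnv struct {
	AppDir, System32, CWD string
	UserDirs, PathDirs    []string // AddDllDirectory paths; %PATH% entries
}

// resolve returns the first directory in order that holds a file called name.
func resolve(order []string, name string) string {
	for _, dir := range order {
		if st, err := os.Stat(filepath.Join(dir, name)); dir != "" && err == nil && !st.IsDir() {
			return dir
		}
	}
	return ""
}

// Audit returns the directory that would supply name under each search mode.
func Audit(e SearchEnv, name string) (legacy, restricted string) {
	legacyOrder := append([]string{e.AppDir, e.System32, e.CWD}, e.PathDirs...)      // %PATH% last
	restrictedOrder := append(append([]string{e.AppDir}, e.UserDirs...), e.System32) // no CWD, no %PATH%
	return resolve(legacyOrder, name), resolve(restrictedOrder, name)
}

func main() {
	root, err := os.MkdirTemp("", "dllsearch") // constructed sample tree
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	onPath, vendor := filepath.Join(root, "onpath"), filepath.Join(root, "vendor")
	for _, d := range []string{onPath, vendor} { // only these two hold the DLL
		dll := filepath.Join(d, "example_gl.dll")
		if err := errors.Join(os.MkdirAll(d, 0o755), os.WriteFile(dll, []byte("constructed"), 0o644)); err != nil {
			panic(err)
		}
	}
	e := SearchEnv{AppDir: filepath.Join(root, "app"), System32: filepath.Join(root, "system32"), PathDirs: []string{onPath}}
	fmt.Println(Audit(e, "example_gl.dll")) // vendor directory not yet registered
	e.UserDirs = []string{vendor}           // models a call to AddDllDirectory
	fmt.Println(Audit(e, "example_gl.dll"))
}
```

A DLL that resolves under the legacy order but not under the restricted one is being picked up from the current directory or %PATH%; a legitimate vendor location of that kind has to be registered with AddDllDirectory before GL is initialized.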
Gio - https://gioui.org
Immediate mode GUI programs in Go for Android, iOS, macOS, Linux, FreeBSD, OpenBSD, Windows, and WebAssembly (experimental).
Installation, examples, documentation
Go to gioui.org.
Issues
File bugs and TODOs through the issue tracker or send an email to ~eliasnaur/gio@todo.sr.ht. For general discussion, use the mailing list: ~eliasnaur/gio@lists.sr.ht.
Contributing
Post discussion to the mailing list and patches to gio-patches. No Sourcehut account is required and you can post without being subscribed.
See the contribution guide for more details.
An official GitHub mirror is available.
Tags
Pre-1.0 tags are provided for reference only, and do not designate releases with ongoing support. Bugfixes will not be backported to older tags.
Tags follow semantic versioning. In particular, as the major version is zero:
- breaking API or behavior changes will increment the minor version component.
- non-breaking changes will increment the patch version component.
Languages
- Go 89.6%
- C 7%
- Java 1.7%
- Objective-C 1.6%