[Development] New Qt vulnerabilities
Dominik Holland
dominik.holland at qt.io
Thu Jan 30 12:14:13 CET 2020
Am 30.01.20 um 12:05 schrieb Olivier Goffart:
> On 30/01/20 11:30, Dominik Holland wrote:
>> Doesn't the first fix break the standard way of deploying plugins on
>> windows ? I'm also not sure why this shouldn't affect windows ?
>>
>> Most applications using Qt on windows just deploy their plugins in the
>> folder next to the binary. Same like all dlls needed for the binary...
>>
>> I see how this fixes the security problem when Qt comes from the system
>> and you cannot write to that location, but for all other cases it won't
>> change anything ?
>>
>> Sorry if i missed something very obvious
>
> $PWD is not the same as the binary dir
> (QCoreApplication::applicationDirPath)
> The later is still searched while looking for plugin. (so that covers
> the case where plugin is in the folder next to the binary)
>
> But I am also not sure why Windows is not affected.
>
Ahh, yeah, sorry. Excluding $PWD makes sense to me, as long as
QCoreApplication::applicationDirPath is still part of the search path.
More information about the Development
mailing list