Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-44233

Default QCoreApplication::libraryPaths insecure?

    XMLWordPrintable

Details

    • Bug
    • Resolution: Duplicate
    • Not Evaluated
    • None
    • 5.3.2
    • Core: Other
    • None

    Description

      It appears that the first entry in QCoreApplication::libraryPaths() is the path to Qt installation directory on the build machine. For example, on my machine this is C:/Qt/5.3/msvc2013_64_opengl/plugins.

      Is this a security risk? What happens if I create a malicious DLL named C:/Qt/5.3/msvc2013_64_opengl/plugins/qwindows.dll on a target machine which happens to run my application?

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-15234 Qt hard-codes paths in libraries/binaries

          • P2: Important - Urgent, should be fixed, but will not stop the release.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              thiago Thiago Macieira
              gerald.combs Gerald Combs
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes