Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-44233

Default QCoreApplication::libraryPaths insecure?

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Not Evaluated
    • Resolution: Duplicate
    • Affects Version/s: 5.3.2
    • Fix Version/s: None
    • Component/s: Core: Other
    • Labels:
      None

      Description

      It appears that the first entry in QCoreApplication::libraryPaths() is the path to Qt installation directory on the build machine. For example, on my machine this is C:/Qt/5.3/msvc2013_64_opengl/plugins.

      Is this a security risk? What happens if I create a malicious DLL named C:/Qt/5.3/msvc2013_64_opengl/plugins/qwindows.dll on a target machine which happens to run my application?

        Attachments

          Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-15234 Qt hard-codes paths in libraries/binaries

          • P2: Important - Urgent, should be fixed, but will not stop the release.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            Activity

              People

              Assignee:
              thiago Thiago Macieira
              Reporter:
              gerald.combs Gerald Combs
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Gerrit Reviews

                  There are no open Gerrit changes