Mitigate Against DLL Pre-Loading
When an application loads a shared library such as kvfilter.dll
or kvfilter.so
Mitigation on Windows
On Windows, you can use the kvfilter
import library, or manually load kvfilter.dll
with LoadLibrary. If you use the import library, you can mitigate against DLL pre-loading attacks by embedding a manifest in your executable so that Windows only searches for kvfilter.dll
in its expected location. For example:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <file name="kvfilter.dll" /> </assembly>
If you load kvfilter.dll
with LoadLibrary, you must use a fully qualified path to prevent Windows searching for the library in other locations.
Mitigation on Other Platforms
On other platforms, you can link against kvfilter.so
while building your application, or manually load it with dlopen. In either case, OpenText recommends that you use an absolute path to kvfilter.so
to prevent the OS or runtime linker searching for the library in other locations.