Hello Guest

[FIXED] Renaming OpenAL32.dll to lwjglaudio.dll again

  • 10 Replies
  • 12482 Views
*

Offline princec

  • *****
  • 1929
    • Puppygames
[FIXED] Renaming OpenAL32.dll to lwjglaudio.dll again
« on: August 18, 2010, 16:05:19 »
Recently I've come across a few buggered OpenAL installations that LWJGL picks up in preference to the library shipped LWJGL. It'd be better if this was impossible by virtue of using our own name for the OpenAL lib. Anybody else in favour?

Cas :)

*

Offline Matzon

  • *****
  • 2242
Re: Renaming OpenAL32.dll to lwjglaudio.dll again
« Reply #1 on: August 18, 2010, 19:47:15 »
we're forcefully loading the one in our directory ...  not sure how that can even happen?

*

Offline princec

  • *****
  • 1929
    • Puppygames
Re: Renaming OpenAL32.dll to lwjglaudio.dll again
« Reply #2 on: August 26, 2010, 11:29:32 »
Hm how forcefully? There are some quirks about how Windows loads dlls, particularly from the local directory, for which there are some specific APIs (just recently read about this on arstechnica as well). Are we using them?

Cas :)

*

Offline Matzon

  • *****
  • 2242
Re: Renaming OpenAL32.dll to lwjglaudio.dll again
« Reply #3 on: August 26, 2010, 16:18:00 »
heh, saw that article too and thought wtf, what a coincidence :)

However, to the best of my knowledge, we're not using that flag. However a user may specify the safe loading globally using a registry value. This could be what is happening.

I am not sure about the consequences of changing the name. Could possibly let it be a system property ?

*

Offline princec

  • *****
  • 1929
    • Puppygames
Re: Renaming OpenAL32.dll to lwjglaudio.dll again
« Reply #4 on: August 26, 2010, 18:58:42 »
A system property would be good. I reckon something like -Dorg.lwjgl.openal.library=./OpenAL32.dll etc. would do the trick. That'd be used first before it went off and did its usual path searching.

Cas :)

*

Offline Matzon

  • *****
  • 2242
Re: Renaming OpenAL32.dll to lwjglaudio.dll again
« Reply #5 on: August 26, 2010, 19:49:14 »
I was actually thinking about a property specifying a name for the dll - not the path. I am pretty sure that the safe dll loading mechanisms also mean that .\OpenAL32.dll == OpenAL32.dll - I could be wrong tho.

Fwiw, we should consider renaming it entirely, since this could possibly be an issue for everyone (technically, only for those that have the safe loading activated AND OpenAL32.dll installed in the System path). I just dont have an overview of the consequences of such a change. Moreover it would also mean that its not that obvious that the dll is OpenAL - if thats an issue...

*

Offline kappa

  • *****
  • 1313
Re: Renaming OpenAL32.dll to lwjglaudio.dll again
« Reply #6 on: September 13, 2010, 12:14:10 »
instead of using -Djava.library.path="" you could use the existing -Dorg.lwjgl.librarypath="" to set the path to the natives, it should have the most priority of all the methods iirc, the code attempts to load the natives only from there if that parameter is used.

If that works for you, lwjgl won't need any changes :)
« Last Edit: September 13, 2010, 12:48:48 by kappa »

*

Offline kappa

  • *****
  • 1313
Re: [RFE] Renaming OpenAL32.dll to lwjglaudio.dll again
« Reply #7 on: November 18, 2010, 15:03:33 »
@princec can you confirm if the above works for you?

Re: [RFE] Renaming OpenAL32.dll to lwjglaudio.dll again
« Reply #8 on: November 18, 2010, 17:45:11 »
Yeah, org.lwjgl.librarypath would be the best bet.  Renaming the dll to lwjglopenal wouldn't really do much in regards to that article; malicious hackers would then just either rename their own dll or drop two copies of the dll's (one named OpenAL and one named lwjglopenal).

A quick fix for Microsoft would be to just require admin privileges when dropping a dll somewhere.

This actually means that Java is (a tiny bit) safer than other languages in regard to this issue, as exe installers would install OpenAL into System32 and have their apps expect the dll being used is from there while Java programs usually ship the dll's in the current directory and use the JVM's way of finding it.  If you're using Web Start and have offline disabled, you're even safer.

Anyway, if someone is able to go into your system and drop a dll somewhere, you're pretty much screwed anyway.  If they're able to put a dll in the current directory of some software, they are able to do much, much worst, but decided not to for some reason.  Users nowadays should be aware of what they download and run and have some type of virus protection (unless they know how to use Linux properly)...
cool story, bro

*

Offline princec

  • *****
  • 1929
    • Puppygames
Re: [RFE] Renaming OpenAL32.dll to lwjglaudio.dll again
« Reply #9 on: November 18, 2010, 21:08:25 »
Sorry didn't spot that reply. I'm not in the least bit bothered about malicious hackers and renamed dlls, just broken ones that don't work, and unfortunately I've not got contact from anyone who has this problem, only logs recorded in my database of it happening. (Customers tend to just move on and forget about the game).

Well, I can always twiddle the source myself, it's no big deal.

Cas :)

*

Offline kappa

  • *****
  • 1313
Re: [RFE] Renaming OpenAL32.dll to lwjglaudio.dll again
« Reply #10 on: November 18, 2010, 21:16:55 »
k, i'll mark this as fixed then.