
As the title states, is there a way to prevent DLL injections in jpackage generated binaries? I have created an EXE for a JavaFX application. During security testing of this application, it was noticed that arbitrary DLLs can be loaded during execution of the application.

Some remediation steps were mentioned such as:

  • Use of SearchPath to identify location of library or component
  • Use of LoadLibrary to identify OS version
  • Use fully qualified paths for all LoadLibrary, ShellExecute and CreateProcess calls where possible
  • Implement calls to SetDllDirectory with an empty string to remove current working directory from default DLL search order where required
  • Sign executable files and verify signature before executing EXE or DLL files

If my code used any of the above calls directly, I could control it. But is there any way to control these after the files have been generated?

P.S. I use JDK 16 and the Badass Runtime Plugin to generate the EXE via a Gradle task.

Aayush Jain

0 Answers
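The last remediation item in the question (sign executables and verify signatures) can be checked against the generated output. The following is an added example, not part of the original question: a PowerShell audit that reports every EXE and DLL under a jpackage app image whose Authenticode signature is not valid. The install path and the function name are assumptions.

```powershell
# Added example: audit a jpackage app image for binaries that lack a valid
# Authenticode signature. The default path below is a placeholder (assumption).
param(
    [string]$AppImage = 'C:\Program Files\MyApp'   # hypothetical install location
)

# Hypothetical helper: one row per EXE/DLL with its signature status and signer.
function Get-BinarySignatureReport {
    param([Parameter(Mandatory)][string]$Root)

    Get-ChildItem -Path $Root -Recurse -File |
        Where-Object { $_.Extension -in '.exe', '.dll' } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Path   = $_.FullName
                Status = $sig.Status    # Valid, NotSigned, HashMismatch, NotTrusted, ...
                Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            }
        }
}

$report = @(Get-BinarySignatureReport -Root $AppImage)

# Summary by status, then by signer, so unexpected publishers stand out.
$report | Group-Object Status | Select-Object Name, Count | Format-Table -AutoSize
$report | Group-Object Signer | Select-Object Name, Count | Format-Table -AutoSize

# Anything that is not 'Valid' is either unsigned, modified after signing,
# or signed by a certificate this machine does not trust.
$bad = @($report | Where-Object { $_.Status -ne 'Valid' })
if ($bad.Count -gt 0) {
    $bad | Sort-Object Path | Format-Table Status, Path -AutoSize
    exit 1   # non-zero exit so a build or install check can fail on findings
}
```

This reports unsigned or altered binaries in the packaged output; it does not change how the launcher resolves DLLs at run time.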