From 9db11a906167bd962e57896223d7b9718058aeb2 Mon Sep 17 00:00:00 2001
From: Cameron Gutman <aicommander@gmail.com>
Date: Thu, 12 Jun 2025 22:11:03 -0500
Subject: [PATCH] feat(security/windows): Add defense-in-depth measure for
 insecure system PATH configuration (#3971)

feature(security/windows): Add defense-in-depth measure for insecure system PATH configuration

If an administrator has configured their system insecurely by adding a
user-writeable path to the system-wide PATH variable, this can cause
apps running as admin to load DLLs planted in this directory.

While the root cause is clearly the misconfigured system, we can reduce
Sunshine's exposure to this by asking Windows not to search the PATH.

https://devblogs.microsoft.com/oldnewthing/20200420-00/?p=103685
---
 src/main.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/main.cpp b/src/main.cpp
index b91dedce7..7f71f7fbe 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -95,6 +95,10 @@ int main(int argc, char *argv[]) {
   task_pool_util::TaskPool::task_id_t force_shutdown = nullptr;
 
 #ifdef _WIN32
+  // Avoid searching the PATH in case a user has configured their system insecurely
+  // by placing a user-writable directory in the system-wide PATH variable.
+  SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_APPLICATION_DIR | LOAD_LIBRARY_SEARCH_SYSTEM32);
+
   setlocale(LC_ALL, "C");
 #endif