From 117d8508c34632b7bd674d204c7b1addc734bca4 Mon Sep 17 00:00:00 2001
From: Cameron Gutman <aicommander@gmail.com>
Date: Thu, 12 Jun 2025 21:08:02 -0500
Subject: [PATCH] feature(security/windows): Add defense-in-depth measure for
 insecure system PATH configuration

If an administrator has configured their system insecurely by adding a
user-writeable path to the system-wide PATH variable, this can cause
apps running as admin to load DLLs planted in this directory.

While the root cause is clearly the misconfigured system, we can reduce
Sunshine's exposure to this by asking Windows not to search the PATH.

https://devblogs.microsoft.com/oldnewthing/20200420-00/?p=103685
---
 src/main.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/main.cpp b/src/main.cpp
index b91dedce722..7f71f7fbe9f 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -95,6 +95,10 @@ int main(int argc, char *argv[]) {
   task_pool_util::TaskPool::task_id_t force_shutdown = nullptr;
 
 #ifdef _WIN32
+  // Avoid searching the PATH in case a user has configured their system insecurely
+  // by placing a user-writable directory in the system-wide PATH variable.
+  SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_APPLICATION_DIR | LOAD_LIBRARY_SEARCH_SYSTEM32);
+
   setlocale(LC_ALL, "C");
 #endif