This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: report security problem

On Nov  5 17:45, houjingyi wrote:
> fhandler_console::create_invisible_console_workaround in
> newlib-cygwin\winsup\cygwin\ will call CreateProcessW to
> create a new hidden process. According to CreateProcessW documention:
> The lpApplicationName parameter can be NULL. In that case, the module name
> must be the first white space–delimited token in the lpCommandLine string.
> If you are using a long file name that contains a space, use quoted strings
> to indicate where the file name ends and the arguments begin; otherwise,
> the file name is ambiguous. For example, consider the string "c:\program
> files\sub dir\program name". This string can be interpreted in a number of
> ways. The system tries to interpret the possibilities in the following
> order:
> c:\program.exe
> c:\program files\sub.exe
> c:\program files\sub dir\program.exe
> c:\program files\sub dir\program name.exe
> Unfortunately fhandler_console::create_invisible_console_workaround did not
> use quote. This problem can be triggered by many ways since
> the component was used by other softwares. I can confirm it can at least be
> triggered by git( Just create program.exe
> and put it to C:\problem.exe, git-bash.exe creates process mintty.exe,
> mintty.exe loads msys-2.0.dll which contains the vulnerable code and
> program.exe get executed(I will inform git too).

Thanks for the report.  I pushed a patch;a=commitdiff;h=530b866c8e47

and created new developer snapshots.  Please give the today's
snapshot from a try.


Corinna Vinschen
Cygwin Maintainer

Attachment: signature.asc
Description: PGP signature

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]