This is the mail archive of the cygwin-developers mailing list for the Cygwin project.
Re: DLL hijacking problem
On Aug 28 09:36, Lee wrote:
> On 8/28/10, Corinna Vinschen wrote:
> > On Aug 28 08:35, Lee wrote:
> >> Would cygwin1.dll still be loaded from the directory from which the
> >> application loaded or would I have to put a copy of cygwin1.dll into
> >> whatever GetSystemDirectory resolves to?
> >
> > Copying cygwin1.dll to the system directory was never correct, continues
> > to be so, and has nothing to do with the actual DLL hijacking problem.
>
> Sorry - I thought an example of the DLL hijacking problem was if I had
> extension "foo" registered to be [processed? loaded?] by foo.exe and I
> double-clicked on "datafile.foo" in Windows Explorer.
The security problem is not about DLLs in the same dir as the EXE, it's
about the CWD which is in the DLL search path.
> If foo.exe was built using cygwin, I have a c:\foo\foo.exe and
> c:\foo\cygwin1.dll and I double-click on Z:\datafile.foo in Windows
> Explorer ... my program still works after this patch is applied?
Yes.
Corinna
--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat
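
An added example, not part of the original thread: a small Python model of the documented Windows DLL search order, run over the c:\foo\foo.exe and Z:\datafile.foo scenario from the message. `helper.dll`, `C:\tools` and the file list are constructed, and `cwd_removed` models a process that has taken the CWD out of its search path (what `SetDllDirectory("")` does); that the patch under discussion has this effect is an assumption.

```python
# Model of the standard Windows DLL search order (no KnownDLLs or manifest
# handling). All paths and files below are constructed for illustration.
from ntpath import join, normcase

SYSTEM_DIRS = [r"C:\Windows\System32", r"C:\Windows\System", r"C:\Windows"]

def search_order(app_dir, cwd, path_dirs, safe_mode=True, cwd_removed=False):
    """Return (label, directory) pairs in the order the loader tries them."""
    system = [("system", d) for d in SYSTEM_DIRS]
    current = [] if cwd_removed else [("cwd", cwd)]
    # SafeDllSearchMode moves the CWD from second place to after the
    # system directories; the application directory is always first.
    middle = (system + current) if safe_mode else (current + system)
    return [("app", app_dir)] + middle + [("path", d) for d in path_dirs]

def resolve(dll, files, **kw):
    """Return (label, full_path) of the first directory holding dll, or None."""
    present = {normcase(f) for f in files}
    for label, directory in search_order(**kw):
        candidate = join(directory, dll)
        if normcase(candidate) in present:
            return label, candidate
    return None

def cwd_exposed(dlls, files, **kw):
    """List the DLL names that would be satisfied from the CWD."""
    hits = ((name, resolve(name, files, **kw)) for name in dlls)
    return [name for name, hit in hits if hit and hit[0] == "cwd"]

# Constructed scenario: foo.exe ships cygwin1.dll next to itself, and the
# data file on Z:\ has an unrelated helper.dll (hypothetical name) beside it.
FILES = [r"c:\foo\foo.exe", r"c:\foo\cygwin1.dll",
         r"Z:\datafile.foo", r"Z:\helper.dll"]
SCENARIO = dict(app_dir=r"c:\foo", cwd="Z:\\", path_dirs=[r"C:\tools"])

if __name__ == "__main__":
    for removed in (False, True):
        for dll in ("cygwin1.dll", "helper.dll"):
            hit = resolve(dll, FILES, cwd_removed=removed, **SCENARIO)
            print(f"cwd_removed={removed!s:5} {dll:12} -> {hit}")
```

cygwin1.dll resolves from the application directory in both runs, while helper.dll is only found when the CWD is still in the search path.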