Cannot exec() program outside of /bin if PATH is unset
Christian Franke
Christian.Franke@t-online.de
Wed Oct 8 17:16:00 GMT 2014
Corinna Vinschen wrote:
> On Sep 15 16:35, Christian Franke wrote:
>> ...
> I'm somewhat reluctant to add a call to SetDllDirectory to the Cygwin
> DLL for two reasons.
>
> - Calling SetDllDirectory with an explicit dir doesn't just add this dir
> to the search path, it also removes the CWD from the search path.
> While I agree that this is a good thing from a security POV, can we be
> sure that this behaviour isn't needed somewhere, by somebody?
>
> - The fact that SetDllDirectory affects searching linked DLLs in calls
> to CreateProcess is undocumented. Per the original MSDN pages,
> SetDllDirectory affects calls to LoadLibrary and LoadLibraryEx, but
> not linked DLLs when starting a child process. The latter is only
> mentioned in a Community Addition:
>
> http://msdn.microsoft.com/en-us/library/windows/desktop/ms686203%28v=vs.85%29.aspx
>
> Having said that, we can certainly test this, but I'm wondering
> if an upstream Cygwin patch might be ok. Something similar has been
> applied to the portable OpenSSH repository years ago, so there's
> precedent.
We could leave this open for now. I already added an easy workaround to
postfix
(add PATH=/usr/bin to import/export_environment default settings).
Christian
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list