Mailing-List:	contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive:	<http://sources.redhat.com/ml/cygwin/>
List-Post:	<mailto:cygwin AT sources DOT redhat DOT com>
List-Help:	<mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender:	cygwin-owner AT sources DOT redhat DOT com
Delivered-To:	mailing list cygwin AT sources DOT redhat DOT com
Message-ID:	<008701c01785$3c26f850$f7c723cb@lifelesswks>
From:	"Robert Collins" <robert DOT collins AT itdomain DOT com DOT au>
To:	"David A. Cobb" <superbiskit AT home DOT com>
Cc:	<cygwin AT sources DOT redhat DOT com>
References:	<17B78BDF120BD411B70100500422FC6309E0C7 AT IIS000> <002501c016b3$0ea0f340$f7c723cb AT lifelesswks> <39B56AF5 DOT 6576BDAE AT home DOT com>
Subject:	Re: DLL naming conventions
Date:	Wed, 6 Sep 2000 09:04:13 +1100
MIME-Version:	1.0
X-Priority:	3
X-MSMail-Priority:	Normal
X-Mailer:	Microsoft Outlook Express 5.00.3018.1300
X-MimeOLE:	Produced By Microsoft MimeOLE V5.00.3018.1300

----- Original Message -----
From: "David A. Cobb" <superbiskit AT home DOT com>
To: "Robert Collins" <robert DOT collins AT itdomain DOT com DOT au>
Cc: <cygwin AT sources DOT redhat DOT com>
Sent: Wednesday, September 06, 2000 8:51 AM
Subject: Re: DLL naming conventions


> Robert Collins wrote:
>
> > There a path trick used in system integration on *metaframe/ NT Terminal
> > Server* machines to keep dll hell to a minimum - I just remembered it...
> >
> > adding (windows path format) .\bin;..\bin;..\..\bin; to the front if
your
> > path allowed different applications to find different versions of dlls
with
> > the same name, the installer just moved the customised .dll to the
farthest
> > point in the path that did cause issues...
> >
> > maybe a similar trick could help? Although it doesn't get round the
> > in-mmeory issue for win9x/nt 4.0 workstation & server
> >
>
> And I responded enthusiastically, at first glance.  However, having "./"
at
> the front of the $PATH is also a well-known security trapdoor:  User
enters name
> of a "system" script X which uses command Y; user replaces Y with a script
in
> her local directory; Y runs in a context (say su) where it can do some
damage.

yes I recall that... what prevents a user writing a well know script to
c:\windows\system on win9x?

also I'm not suggestign "./", rather  "./bin" which may well introduce the
same issue... but ignoring 9x (as above) within a users directory on NT with
ntsec only that user or an admin should be placing new files.. So user knows
what is there unless they are downloading tars that put things in funny
locations, without checking the contents (which is a bigger risk IMHO).
Imagine putting a compromised bash 'upgrade' on your system...

I think given the platform, it's a minor issue. But anyway it doesnt tackle
in-memory .dll's so it's a moot point.


> --
> David A. Cobb, Software Engineer, Public Access Advocate
> "Don't buy or use crappy software"
> "By the grace of God I am a Christian man,
>  by my actions a great sinner" -- The Way of a Pilgrim [R. M. French, tr.]
>
>
>

Rob


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com

- Raw text -