X-Recipient: archive-cygwin@delorie.com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:subject
	:references:in-reply-to:content-type:content-transfer-encoding;
	 q=dns; s=default; b=W8LFBFQYfiTiKdD65BQZGeRXw9wjdf/RSt3D+pFRHUx
	RQ8+2yBVgH/1eMVELkGDOdkmVBj5s++OU8rA9DrvW7RW/TnhTkjcQZ7LUw/k1FcU
	pUzG7hHKvrVOaJPFh3x1OYI37Nawg62geZz5e04mIsqowSp1TiU8nDlZxTh0wSIs
	=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:subject
	:references:in-reply-to:content-type:content-transfer-encoding;
	 s=default; bh=XP9qmuz0tmlZnKTRR8kz2xT6Wac=; b=dEFv+R7QIS/S42RK/
	SQbx+pJ4adAiYUN82I3/kimNchTKy1JSKn6OfompLkD2S+OJwku/gvLN62w93Qn+
	a7/PVVHuPg2NcEc48miwOb9bq0U/2JiGPK43z9jr6EVCeAPb+FtiYwdVtuO0J5i0
	qPQCqURCONNmUKpmBh4H4EZo1M=
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-1.9 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_LOW,RP_MATCHES_RCVD,SPF_PASS autolearn=ham version=3.3.2
X-HELO: mail.lysator.liu.se
Message-ID: <541698CC.7090802@lysator.liu.se>
Date: Mon, 15 Sep 2014 09:44:12 +0200
From: Peter Rosin <peda@lysator.liu.se>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: cygwin@cygwin.com
Subject: Re: Cannot exec() program outside of /bin if PATH is unset
References: <5413271B.1010109@t-online.de> <54134A83.80107@redhat.com> <54135451.3060902@t-online.de> <601154762.20140913012935@yandex.ru> <541378C4.6030705@t-online.de> <54137BDE.6040907@redhat.com> <54137C7F.1040507@redhat.com> <541415B1.8090500@t-online.de>
In-Reply-To: <541415B1.8090500@t-online.de>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

On 2014-09-13 12:00, Christian Franke wrote:
> Eric Blake wrote:
>> (by passing an actual safe path, and NOT by completely unsetting PATH).
>>
> 
> Disagree. The postfix master(8) spawns all of its daemons with PATH unset. This IMO does not violate POSIX.
> 
> Note that setting PATH=/bin on Cygwin does not fix the security problem in the DLL search order. Even with "SafeDllSearchMode" enabled, the current directory is always checked before PATH. Running some Cygwin program from /usr/sbin, /usr/local/bin, /usr/libexec, ... would load a possible malicious cyg*.dll from current directory regardless of PATH setting. Only programs in /bin are safe.
> 
> Using SetDllDirectory("c:\\cygwin\\bin") somewhere in cygwin1.dll would fix this also.

How could a call inside a DLL fix the library search order used
to find that same DLL? Yes, it is possible (or likely) that
SetDllDirectory fixes the immediate problem for processes that
are started *by* cygwin1.dll, but it is not effective for Cygwin
processes that are started by some direct use of the Win32 API.

Also, SetDllDirectory will kill all attempts to run 32-bit
Cygwin programs from 64-bit Cygwin (and vice versa).

Cheers,
Peter


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple