X-Recipient: archive-cygwin@delorie.com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 23EF53858C35
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1707485805;
	bh=6OtfBiny00Nv50nPjy50CWCrAn9J7wKdgkVuWQV5x/k=;
	h=Date:Subject:To:References:Cc:In-Reply-To:List-Id:
	 List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:
	 From:Reply-To:From;
	b=AL8YaFjpwbSMvnthi5nGnOKPEPKl5RpAhT9s4W0pA8Vze8Jk+xvdyqNfHr2y8aqPY
	 y25+bxeCZgmxAC69JFxSWFtpGnLbd1mVxiC/PVJEBnzdGKubfVyXQQhTPu5wwg6tt/
	 u365LIMurFRSrweSjQKeuhDiajsx3R1Wn4ttWdKA=
X-Original-To: cygwin@cygwin.com
Delivered-To: cygwin@cygwin.com
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org A85583858416
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org A85583858416
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1707485784; cv=none;
 b=w8qfjfS+uti1daQlgo69nR6hvo4KKIowSf+EtOCW9td1Noel+cU82rsJkJOh478ZesRxaCHbY+VTvqaqibPd+b7TipCULLkWUynNPaW9OrXt7GhcWelxtxN1FdjNooIb7qGSIubaQ+s0uq3x2qaYziXiI4dcI/bt2RyHoERPrjg=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
 t=1707485784; c=relaxed/simple;
 bh=h4m4Y+9jp4s8j3Mcn7OL70Xvtk5UW5LtCnKl8EG6180=;
 h=Message-ID:Date:MIME-Version:Subject:To:From;
 b=LoeGt8vqgHoAC8u2SnVGa9DCYct87LBRriw56WtBm4Gb5BH2mn7gGVQYwqBx1FkjW+ehO7+NlRUxb8URinH5OJ2CDs+NcNvPfJtSFPGY+432H7i5HZvuNziL8dX5ojSTUx0Na4IMb5D7T53sE4APwR7M2Nf2QyDcEvBeOKw8dKc=
ARC-Authentication-Results: i=1; server2.sourceware.org
X-SNCR-Rigid: 6577B5E307874E11
X-Originating-IP: [86.140.112.71]
X-OWM-Source-IP: 86.140.112.71
X-OWM-Env-Sender: jon.turney@dronecode.org.uk
X-VadeSecure-score: verdict=clean score=0/300, class=clean
X-RazorGate-Vade: gggruggvucftvghtrhhoucdtuddrgedvledrtdeigdehfecutefuodetggdotefrodftvfcurfhrohhfihhlvgemuceutffkvffkuffjvffgnffgvefqofdpqfgfvfenuceurghilhhouhhtmecufedtudenucenucfjughrpefkffggfgfuvfhfhfevjggtgfesthejredttddvjeenucfhrhhomheplfhonhcuvfhurhhnvgihuceojhhonhdrthhurhhnvgihsegurhhonhgvtghouggvrdhorhhgrdhukheqnecuggftrfgrthhtvghrnhepgfeghfdvvdeijeettdfgleetffetfedtuefgfeevhedthefgffelfeethfdvleffnecuffhomhgrihhnpegthihgfihinhdrtghomhenucfkphepkeeirddugedtrdduuddvrdejudenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhephhgvlhhopegludelvddrudeikedruddruddtlegnpdhinhgvthepkeeirddugedtrdduuddvrdejuddpmhgrihhlfhhrohhmpehjohhnrdhtuhhrnhgvhiesughrohhnvggtohguvgdrohhrghdruhhkpdhnsggprhgtphhtthhopedvpdhrtghpthhtoheptgihghifihhnsegthihgfihinhdrtghomhdprhgtphhtthhopehkrgiisehkhihlhhgvkhhurdgtohhmpdhrvghvkffrpehhohhsthekiedqudegtddqudduvddqjedurdhrrghnghgvkeeiqddugedtrdgsthgtvghnthhrrghlphhluhhsrdgtohhmpdgruhhthhgpuhhsvghrpehjohhnthhurhhnvgihsegsthhinhhtvghrnhgvthdrtghomhdpghgvohfkrfepifeu
 pdfovfetjfhoshhtpehrvgdqphhrugdqrhhgohhuthdqtddtvd
X-RazorGate-Vade-Verdict: clean 0
X-RazorGate-Vade-Classification: clean
Message-ID: <3391e2e4-da0e-4985-9ec3-a6639f497db9@dronecode.org.uk>
Date: Fri, 9 Feb 2024 13:36:18 +0000
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Updated: setup (2.930)
To: Kaz Kylheku <kaz@kylheku.com>
References: <6a25c776-98bb-4240-8a57-7081324c5a05@dronecode.org.uk>
 <23db00778577ab0853fe1026befb9fe8@kylheku.com>
Content-Language: en-GB
Cc: cygwin@cygwin.com
In-Reply-To: <23db00778577ab0853fe1026befb9fe8@kylheku.com>
X-Spam-Status: No, score=-1.8 required=5.0 tests=BAYES_00, JMQ_SPF_NEUTRAL,
 KAM_DMARC_STATUS, RCVD_IN_DNSWL_NONE, SPF_HELO_PASS, SPF_PASS, TXREP,
 T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
 server2.sourceware.org
X-BeenThere: cygwin@cygwin.com
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin>,
 <mailto:cygwin-request@cygwin.com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-request@cygwin.com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
 <mailto:cygwin-request@cygwin.com?subject=subscribe>
From: Jon Turney via Cygwin <cygwin@cygwin.com>
Reply-To: Jon Turney <jon.turney@dronecode.org.uk>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: cygwin-bounces+archive-cygwin=delorie.com@cygwin.com
Sender: "Cygwin" <cygwin-bounces+archive-cygwin=delorie.com@cygwin.com>

On 09/02/2024 02:17, Kaz Kylheku via Cygwin wrote:
> 
> I see the commit: https://cygwin.com/cgit/cygwin-apps/setup/commit/?id=0122154811bacdd7dc042cff0c80bb0a36af360c
> 
> I'm curious, what improvement arises out of looking up the SetDefaultDllDirectories
> function dynamically in kernel32.dll?
> 
> Is it the case that malicious software can interpose itself somehow such that
> the statically linked SetDefaultDllDirectories call goes elsewhere other than
> kernel32.dll, which we can thwart by asking for the genuine article in kernel32.dll?

You're looking at the wrong commit there.

The dynamic lookup merely ensures that setup continues to work at all on 
Windows versions (<6.0), which don't support that function.

Instead look at:

https://cygwin.com/cgit/cygwin-apps/setup/commit/?id=86c0ada12dce4403a9b796380fde9e5c1824734f


-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple