DMARC-Filter: OpenDMARC Filter v1.4.2 delorie.com 55C0wT9F4129360 Authentication-Results: delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com Authentication-Results: delorie.com; spf=pass smtp.mailfrom=cygwin.com DKIM-Filter: OpenDKIM Filter v2.11.0 delorie.com 55C0wT9F4129360 Authentication-Results: delorie.com; dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=cq7zmQlV X-Recipient: archive-cygwin@delorie.com DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org A74F13837522 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; s=default; t=1749689908; bh=FD7O36dfnOWVMw5ym86gaM/DLt9sWLj50B3Id+R/gAI=; h=Date:To:Subject:In-Reply-To:References:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=cq7zmQlVszRncXXoBkc3XZ7DrXyf5rb/ziGLdbrrz/WOZr96vzl8Qe95kroKmD4g4 c+etbuopmRegrSWaz42ExJl4oH5JD5e02Di/YlRTQfky5uTE1glDzNkaX7eXPTTQk3 Jech6c8Q0WyXYQt+13kt6IcpOcjPC2OJDbLp4LQM= X-Original-To: cygwin@cygwin.com Delivered-To: cygwin@cygwin.com DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 13E823837522 ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 13E823837522 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1749689841; cv=none; b=no5qLO1JCb5vyaa4P84qfhn6niegqux5n597k+8VYA5qsU89Vqf0qeOoHI7MjW10SwqTQRBHWRiUmtLO3FtgrpB1Ee4oU6evlTMJo4JLSpjbcJiJj25DUWQd7hxGgkhKTtIZkRz7cq/Y+V9EY/7Q0P9tlgVmhzl8eBx1A1mGr4w= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1749689841; c=relaxed/simple; bh=v+nI1YDM0qk31BrFbp9szVPNBDJ29898a6hAAjwmGIw=; h=DKIM-Signature:Date:From:To:Subject:Message-ID:MIME-Version; b=na880it3QFd6xL2u8jfGt5opJdnSpWyyWBEsiZdEHiOAgIbPQ0wDyC5h/QQvCOtkPmAlVkMX3ReVU4PqQY3ytHqhotg7Tpo+Fcr9pVZKQDVo8ckFtApvUw2v1fN9h4M+ImOgBtufnx1rsEensoRlgSKRrEVzpq7VBLji4L4ix6g= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 13E823837522 Date: Wed, 11 Jun 2025 17:57:20 -0700 (PDT) X-X-Sender: jeremyd@resin.csoft.net To: Sam Edge via Cygwin Subject: Re: Path prefix //./ in Cygwin In-Reply-To: <2fcf0555-2ea5-41d1-bd42-68fab89a189a@gmx.com> Message-ID: References: <93fd79f3-bb39-79c2-8e78-57c4af356e54@jdrake.com> <2fcf0555-2ea5-41d1-bd42-68fab89a189a@gmx.com> MIME-Version: 1.0 X-BeenThere: cygwin@cygwin.com X-Mailman-Version: 2.1.30 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Jeremy Drake via Cygwin Reply-To: Jeremy Drake Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: cygwin-bounces~archive-cygwin=delorie.com@cygwin.com Sender: "Cygwin" On Thu, 12 Jun 2025, Sam Edge via Cygwin wrote: > I would think that if you're building something against Cygwin, it's probably > best to assume it's POSIX where only forward-slash is special and not try to > second-guess. This is unsafe, and actually where the rust PR started out. If you only treat '/' as special, a program may be tricked into allowing path traversal with file/directory names like '..\..' or 'C:\Windows' which are not path traversing or absolute paths in POSIX. -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple