Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT sources DOT redhat DOT com Delivered-To: mailing list cygwin AT sources DOT redhat DOT com Message-ID: <008701c01785$3c26f850$f7c723cb@lifelesswks> From: "Robert Collins" To: "David A. Cobb" Cc: References: <17B78BDF120BD411B70100500422FC6309E0C7 AT IIS000> <002501c016b3$0ea0f340$f7c723cb AT lifelesswks> <39B56AF5 DOT 6576BDAE AT home DOT com> Subject: Re: DLL naming conventions Date: Wed, 6 Sep 2000 09:04:13 +1100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.3018.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300 ----- Original Message ----- From: "David A. Cobb" To: "Robert Collins" Cc: Sent: Wednesday, September 06, 2000 8:51 AM Subject: Re: DLL naming conventions > Robert Collins wrote: > > > There a path trick used in system integration on *metaframe/ NT Terminal > > Server* machines to keep dll hell to a minimum - I just remembered it... > > > > adding (windows path format) .\bin;..\bin;..\..\bin; to the front if your > > path allowed different applications to find different versions of dlls with > > the same name, the installer just moved the customised .dll to the farthest > > point in the path that did cause issues... > > > > maybe a similar trick could help? Although it doesn't get round the > > in-mmeory issue for win9x/nt 4.0 workstation & server > > > > And I responded enthusiastically, at first glance. However, having "./" at > the front of the $PATH is also a well-known security trapdoor: User enters name > of a "system" script X which uses command Y; user replaces Y with a script in > her local directory; Y runs in a context (say su) where it can do some damage. yes I recall that... what prevents a user writing a well know script to c:\windows\system on win9x? also I'm not suggestign "./", rather "./bin" which may well introduce the same issue... but ignoring 9x (as above) within a users directory on NT with ntsec only that user or an admin should be placing new files.. So user knows what is there unless they are downloading tars that put things in funny locations, without checking the contents (which is a bigger risk IMHO). Imagine putting a compromised bash 'upgrade' on your system... I think given the platform, it's a minor issue. But anyway it doesnt tackle in-memory .dll's so it's a moot point. > -- > David A. Cobb, Software Engineer, Public Access Advocate > "Don't buy or use crappy software" > "By the grace of God I am a Christian man, > by my actions a great sinner" -- The Way of a Pilgrim [R. M. French, tr.] > > > Rob -- Want to unsubscribe from this list? Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com