X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:reply-to:message-id:to:subject :in-reply-to:references:mime-version:content-type :content-transfer-encoding; q=dns; s=default; b=xz56z5Mg2yO7kRzZ hIOFIHrYE9s4jWsoharOsTZxIpUzGjDqWOb6PRxurd33O3n/s5qMs4zeQB1T49IV v/fplB2Hyubt5xp7syw2adPz2NruXlYmknBhAPz68HNdgl87wZoxAAKtaIIxiYx9 KA/q2iMAW6aKNUNB5NdDGpYH2ns= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:reply-to:message-id:to:subject :in-reply-to:references:mime-version:content-type :content-transfer-encoding; s=default; bh=ZQRZy2KQy3a5JPCtYgSx7S XlhDw=; b=s1Hc+CFUV3jxm/q5xDY2rfm7vNDPeX4WNBmLmUmqYG7BvHTpbO5xbW BB0TjytL13oE1eXzeJx3GsfVF+6yG8xw7YP6GTbO5S+mui40g9cwN9Hko4hjVN4S kr3/fXBv+jjg0jFofUf2W2QXbkEYsLW0YVZ4hV+QnO8+m7aSV1lao= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=3.5 required=5.0 tests=AWL,BAYES_50,FREEMAIL_FROM,KAM_THEBAT,SPF_SOFTFAIL autolearn=no version=3.3.2 X-HELO: smtpback.ht-systems.ru Date: Sat, 13 Sep 2014 01:29:35 +0400 From: Andrey Repin Reply-To: cygwin AT cygwin DOT com Message-ID: <601154762.20140913012935@yandex.ru> To: Christian Franke , cygwin AT cygwin DOT com Subject: Re: Cannot exec() program outside of /bin if PATH is unset In-Reply-To: <54135451.3060902@t-online.de> References: <5413271B DOT 1010109 AT t-online DOT de> <54134A83 DOT 80107 AT redhat DOT com> <54135451 DOT 3060902 AT t-online DOT de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-IsSubscribed: yes Greetings, Christian Franke! >>> Enabling the SetDllDirectory() Win32 call fixes the problem. >>> Would possibly make sense to add this call to cygwin1.dll. >> That said, just because POSIX has already given us the >> get-out-of-jail-free card doesn't mean that we can't be nice and improve >> cygwin1.dll to try and help broken programs that unset PATH. > Hmm... is postfix actually broken? > Unsetting PATH is IMO sane (from the POSIX POV) if all exec() calls use > absolute path names. If all exec() calls are made with full paths, unsetting $PATH does not improve security in any way, but leave underlying system in an inconsistent state. As you've witnessed yourself. This is not limited to Cygwin1.dll, but to all other system DLL's that you might need to load. -- WBR, Andrey Repin (anrdaemon AT yandex DOT ru) 13.09.2014, <1:27> Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple