X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:reply-to:message-id:to:subject
	:in-reply-to:references:mime-version:content-type
	:content-transfer-encoding; q=dns; s=default; b=xz56z5Mg2yO7kRzZ
	hIOFIHrYE9s4jWsoharOsTZxIpUzGjDqWOb6PRxurd33O3n/s5qMs4zeQB1T49IV
	v/fplB2Hyubt5xp7syw2adPz2NruXlYmknBhAPz68HNdgl87wZoxAAKtaIIxiYx9
	KA/q2iMAW6aKNUNB5NdDGpYH2ns=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:reply-to:message-id:to:subject
	:in-reply-to:references:mime-version:content-type
	:content-transfer-encoding; s=default; bh=ZQRZy2KQy3a5JPCtYgSx7S
	XlhDw=; b=s1Hc+CFUV3jxm/q5xDY2rfm7vNDPeX4WNBmLmUmqYG7BvHTpbO5xbW
	BB0TjytL13oE1eXzeJx3GsfVF+6yG8xw7YP6GTbO5S+mui40g9cwN9Hko4hjVN4S
	kr3/fXBv+jjg0jFofUf2W2QXbkEYsLW0YVZ4hV+QnO8+m7aSV1lao=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=3.5 required=5.0 tests=AWL,BAYES_50,FREEMAIL_FROM,KAM_THEBAT,SPF_SOFTFAIL autolearn=no version=3.3.2
X-HELO: smtpback.ht-systems.ru
Date: Sat, 13 Sep 2014 01:29:35 +0400
From: Andrey Repin <anrdaemon AT yandex DOT ru>
Reply-To: cygwin AT cygwin DOT com
Message-ID: <601154762.20140913012935@yandex.ru>
To: Christian Franke <Christian DOT Franke AT t-online DOT de>, cygwin AT cygwin DOT com
Subject: Re: Cannot exec() program outside of /bin if PATH is unset
In-Reply-To: <54135451.3060902@t-online.de>
References: <5413271B DOT 1010109 AT t-online DOT de> <54134A83 DOT 80107 AT redhat DOT com> <54135451 DOT 3060902 AT t-online DOT de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes

Greetings, Christian Franke!

>>> Enabling the SetDllDirectory() Win32 call fixes the problem.
>>> Would possibly make sense to add this call to cygwin1.dll.
>> That said, just because POSIX has already given us the
>> get-out-of-jail-free card doesn't mean that we can't be nice and improve
>> cygwin1.dll to try and help broken programs that unset PATH.

> Hmm... is postfix actually broken?
> Unsetting PATH is IMO sane (from the POSIX POV) if all exec() calls use 
> absolute path names.

If all exec() calls are made with full paths, unsetting $PATH does not improve
security in any way, but leave underlying system in an inconsistent state. As
you've witnessed yourself.
This is not limited to Cygwin1.dll, but to all other system DLL's that you
might need to load.


--
WBR,
Andrey Repin (anrdaemon AT yandex DOT ru) 13.09.2014, <1:27>

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple