X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=fU/gBfW6VwJTmSSzwS/T4brfQXxqbDL5ofOgOkAvqbcX/hW60qKVT
	9lvkn6NJbENS+/JRBKtckw/2ErkkvlO/LAzEw9cQGF75FtlTR5teCNQ7gLDeM0/F
	wzJR8Jygbjo7o42IrBEXL/8cEXVPDcBXOfsklYUXg0SDcVCJC6oaLE=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=gYstQpL3livUwhvo8JKrAPP9i1I=; b=O6F+o1gLdi/4+PNTQ8VkSTAdwT2K
	Xly/Tgq8BjE9WCh8ABIv2LJvdkSNG9I2VDolbQr+TLymc/Fco9qMEnNQw8p9dgX5
	qLO8dylD++x81+NT6KnojRooG0fV5s0SVx08W8UZDE3xmuZGWYv815VTi4Eei8/f
	A2PIZJ/IeH9zHzY=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-5.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.2
X-HELO: calimero.vinschen.de
Date: Thu, 9 Oct 2014 18:29:06 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Cannot exec() program outside of /bin if PATH is unset
Message-ID: <20141009162906.GA25389@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <541378C4 DOT 6030705 AT t-online DOT de> <54137BDE DOT 6040907 AT redhat DOT com> <54137C7F DOT 1040507 AT redhat DOT com> <541415B1 DOT 8090500 AT t-online DOT de> <541698CC DOT 7090802 AT lysator DOT liu DOT se> <5416F946 DOT 7010905 AT t-online DOT de> <20141008134106 DOT GF29235 AT calimero DOT vinschen DOT de> <5435714D DOT 6060206 AT t-online DOT de> <20141009100317 DOT GI29235 AT calimero DOT vinschen DOT de> <54369ADE DOT 7060201 AT redhat DOT com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;	protocol="application/pgp-signature"; boundary="XsQoSWH+UP9D9v3l"
Content-Disposition: inline
In-Reply-To: <54369ADE.7060201@redhat.com>
User-Agent: Mutt/1.5.23 (2014-03-12)

--XsQoSWH+UP9D9v3l
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Oct  9 08:25, Eric Blake wrote:
> On 10/09/2014 04:03 AM, Corinna Vinschen wrote:
>=20
> > Ok.  Or... hmm.  The fact that using SetDllDirectory disallows searching
> > the CWD got me thinking twice.  Security-wise it would really be the
> > right thing to do.  Usually DLLs are in defined search paths:
> >=20
> > - Application dir
> > - Application defined dirs
> > - System dirs
> >=20
> > So, what scenario would actually break by removing CWD from the search
> > path?  Running tests in an libtoolized project dir, perhaps?  Is that a
> > valid concern or did libtool already take care of this?
>=20
> Running a libtool project is probably unimpacted - libtool builds
> in-tree dlls into a subdirectory, which is not usually the CWD.

Right, and AFAICS a wrapper is created which adds the path to the
DLLs to $PATH before starting the actual executable.  So this is no
problem at all.

Any other idea what *might* be broken if we remove CWD from the=20
DLL search path?


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--XsQoSWH+UP9D9v3l
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUNrfSAAoJEPU2Bp2uRE+g2rMP/i/NS9DQgJ1eFfXduDMY+8ZQ
ZiDclpue9WnW9h3KMnnjxaYAS8L/hG09InaPdbC5ichz65xZop3/zUMB2nipoYnN
5y7VXAnCWnYzMfF8hfi1ZGs4Q+4S3hE86Q44nOBBwxCLQqj0HHUmxzEP0iv2U5RV
ivVoAfTYXwK3g+whtEOgSxvnzKetw43nDqLdbhXriJUOpq8elRQZwG/gkZni9/y0
NVg5txW50JS4z9vjNpkNIKShFou+DWzC5N8ASx7Dk2zfqNOSKYND50vRmld+mOW3
EILPdH3GP1oUhGApxcaklCbXNb5ZpRDEr7ADe50YDh3dkJaJoJb/rdWDVmxOKloG
WX6Y2yXCVWG3I43EJH2nW+I8qJg7btlE8rJOWvfXBZ6rBgwDD0Cp5v8jFi/jR3ll
2ApL8cySr2/gz8CwA24oAqHxP2EWIhI5Xt31m50bPWhIz6dkRb6iDHzbMuWB/lWI
FDdsUbd2sC2w5oDA7lRCzbhwZchNLVrfue3XMQxr0LcwbysdG/coWuSYMo8b7R2w
y49ilhavTAMMJJPWJzUoT2577QCA0838AlPm9mSbj3QniUlCOd51msuz/oqz4GvU
1qoJADIiE5wFe8bZpnn9bejBzmRfSZ1apq9+BwMS8QqtpcWAcM6Jj++HzGs+lMkb
vA1QvnfjJ1qp22CS8TuR
=AgQ5
-----END PGP SIGNATURE-----

--XsQoSWH+UP9D9v3l--