X-Recipient: archive-cygwin AT delorie DOT com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 23EF53858C35
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1707485805;
	bh=6OtfBiny00Nv50nPjy50CWCrAn9J7wKdgkVuWQV5x/k=;
	h=Date:Subject:To:References:Cc:In-Reply-To:List-Id:
	 List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:
	 From:Reply-To:From;
	b=AL8YaFjpwbSMvnthi5nGnOKPEPKl5RpAhT9s4W0pA8Vze8Jk+xvdyqNfHr2y8aqPY
	 y25+bxeCZgmxAC69JFxSWFtpGnLbd1mVxiC/PVJEBnzdGKubfVyXQQhTPu5wwg6tt/
	 u365LIMurFRSrweSjQKeuhDiajsx3R1Wn4ttWdKA=
X-Original-To: cygwin AT cygwin DOT com
Delivered-To: cygwin AT cygwin DOT com
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org A85583858416
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org A85583858416
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1707485784; cv=none;
 b=w8qfjfS+uti1daQlgo69nR6hvo4KKIowSf+EtOCW9td1Noel+cU82rsJkJOh478ZesRxaCHbY+VTvqaqibPd+b7TipCULLkWUynNPaW9OrXt7GhcWelxtxN1FdjNooIb7qGSIubaQ+s0uq3x2qaYziXiI4dcI/bt2RyHoERPrjg=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
 t=1707485784; c=relaxed/simple;
 bh=h4m4Y+9jp4s8j3Mcn7OL70Xvtk5UW5LtCnKl8EG6180=;
 h=Message-ID:Date:MIME-Version:Subject:To:From;
 b=LoeGt8vqgHoAC8u2SnVGa9DCYct87LBRriw56WtBm4Gb5BH2mn7gGVQYwqBx1FkjW+ehO7+NlRUxb8URinH5OJ2CDs+NcNvPfJtSFPGY+432H7i5HZvuNziL8dX5ojSTUx0Na4IMb5D7T53sE4APwR7M2Nf2QyDcEvBeOKw8dKc=
ARC-Authentication-Results: i=1; server2.sourceware.org
X-SNCR-Rigid: 6577B5E307874E11
X-Originating-IP: [86.140.112.71]
X-OWM-Source-IP: 86.140.112.71
X-OWM-Env-Sender: jon DOT turney AT dronecode DOT org DOT uk
X-VadeSecure-score: verdict=clean score=0/300, class=clean
X-RazorGate-Vade: gggruggvucftvghtrhhoucdtuddrgedvledrtdeigdehfecutefuodetggdotefrodftvfcurfhrohhfihhlvgemuceutffkvffkuffjvffgnffgvefqofdpqfgfvfenuceurghilhhouhhtmecufedtudenucenucfjughrpefkffggfgfuvfhfhfevjggtgfesthejredttddvjeenucfhrhhomheplfhonhcuvfhurhhnvgihuceojhhonhdrthhurhhnvgihsegurhhonhgvtghouggvrdhorhhgrdhukheqnecuggftrfgrthhtvghrnhepgfeghfdvvdeijeettdfgleetffetfedtuefgfeevhedthefgffelfeethfdvleffnecuffhomhgrihhnpegthihgfihinhdrtghomhenucfkphepkeeirddugedtrdduuddvrdejudenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhephhgvlhhopegludelvddrudeikedruddruddtlegnpdhinhgvthepkeeirddugedtrdduuddvrdejuddpmhgrihhlfhhrohhmpehjohhnrdhtuhhrnhgvhiesughrohhnvggtohguvgdrohhrghdruhhkpdhnsggprhgtphhtthhopedvpdhrtghpthhtoheptgihghifihhnsegthihgfihinhdrtghomhdprhgtphhtthhopehkrgiisehkhihlhhgvkhhurdgtohhmpdhrvghvkffrpehhohhsthekiedqudegtddqudduvddqjedurdhrrghnghgvkeeiqddugedtrdgsthgtvghnthhrrghlphhluhhsrdgtohhmpdgruhhthhgpuhhsvghrpehjohhnthhurhhnvgihsegsthhinhhtvghrnhgvthdrtghomhdpghgvohfkrfepifeu
 pdfovfetjfhoshhtpehrvgdqphhrugdqrhhgohhuthdqtddtvd
X-RazorGate-Vade-Verdict: clean 0
X-RazorGate-Vade-Classification: clean
Message-ID: <3391e2e4-da0e-4985-9ec3-a6639f497db9@dronecode.org.uk>
Date: Fri, 9 Feb 2024 13:36:18 +0000
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Updated: setup (2.930)
To: Kaz Kylheku <kaz AT kylheku DOT com>
References: <6a25c776-98bb-4240-8a57-7081324c5a05 AT dronecode DOT org DOT uk>
 <23db00778577ab0853fe1026befb9fe8 AT kylheku DOT com>
Content-Language: en-GB
Cc: cygwin AT cygwin DOT com
In-Reply-To: <23db00778577ab0853fe1026befb9fe8@kylheku.com>
X-Spam-Status: No, score=-1.8 required=5.0 tests=BAYES_00, JMQ_SPF_NEUTRAL,
 KAM_DMARC_STATUS, RCVD_IN_DNSWL_NONE, SPF_HELO_PASS, SPF_PASS, TXREP,
 T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
 server2.sourceware.org
X-BeenThere: cygwin AT cygwin DOT com
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin>,
 <mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
 <mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From: Jon Turney via Cygwin <cygwin AT cygwin DOT com>
Reply-To: Jon Turney <jon DOT turney AT dronecode DOT org DOT uk>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com
Sender: "Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>

On 09/02/2024 02:17, Kaz Kylheku via Cygwin wrote:
> 
> I see the commit: https://cygwin.com/cgit/cygwin-apps/setup/commit/?id=0122154811bacdd7dc042cff0c80bb0a36af360c
> 
> I'm curious, what improvement arises out of looking up the SetDefaultDllDirectories
> function dynamically in kernel32.dll?
> 
> Is it the case that malicious software can interpose itself somehow such that
> the statically linked SetDefaultDllDirectories call goes elsewhere other than
> kernel32.dll, which we can thwart by asking for the genuine article in kernel32.dll?

You're looking at the wrong commit there.

The dynamic lookup merely ensures that setup continues to work at all on 
Windows versions (<6.0), which don't support that function.

Instead look at:

https://cygwin.com/cgit/cygwin-apps/setup/commit/?id=86c0ada12dce4403a9b796380fde9e5c1824734f


-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple