Message-ID: <8ac24b73-54e9-470b-9fa8-6da07f3e2d42@SystematicSW.ab.ca>
Date: Mon, 10 Feb 2025 13:32:30 -0700
Subject: Re: Potential Argument Injection Issue in Cygwin's Command Line Handling
From: Brian Inglis via Cygwin
Reply-To: cygwin AT cygwin DOT com
To: cygwin AT cygwin DOT com
List-Id: General Cygwin discussions and problem reports

On 2025-02-09 20:48, Splitline Ng via Cygwin wrote:
>> Windows is security deficient in this area, not Cygwin.
>>
>> I'll quote myself to share my opinion:
>> https://git.lighttpd.net/lighttpd/lighttpd1.4/src/branch/master/src/fdevent_win32.c#L543
>> * The Microsoft CreateProcess() interface is criminally broken.
>> * Forcing argument strings to be concatenated into a single string
>> * only to be re-parsed by Windows can lead to security issues.
>> *
>> * Above comment from 2021 was true then as now in 2025
>> * https://blog.orange.tw/posts/2025-01-worstfit-unveiling-hidden-transformers-in-windows-ansi/
>
> Yes, I agree with you, this design has always been really problematic,
> that was totally a bad idea. But at this point, it's probably a huge
> design debt, and I imagine it's not an easy fix for Microsoft.
>
> Back to this issue, the argument parsing logic is indeed handled by
> Cygwin itself, not Windows. So regardless of the question of who
> should be held responsible for this, I think it's still reasonable to
> follow the convention. At the very least, it might be a minor
> inconvenience for some regular users.

What part of "Cygwin - Get that Linux feeling - on Windows" - do you not get?

Cygwin's goals are to be as POSIX/Unix*/Linux compatible as possible by
working around Windows' bugs, issues, and limitations, while supporting
some interoperability with Windows programs and systems (less as we add
more POSIX/Unix/Linux compatible support).
Starting Windows programs with command line arguments from Cygwin programs
and shells may require the runner to take account of and work around
Cygwin's conventions, just as starting Cygwin programs with command line
arguments from Windows programs and shells may require the runner to take
account of and work around Windows' conventions.

One can avoid any issues by running Cygwin programs only from other Cygwin
programs, and Windows programs only from other Windows programs.

*[I say Unix because while we want to be UNIX® AKA SUSV5 Core compatible,
we also want to be compatible with the original Unix legacy embodied in
SunOS/SysV/Solaris, and BSD releases, from which our libc newlib borrows
some code with ~1500 refs in ~600 files, and Cygwin has ~600 refs in ~200
files, with *all* patches submitted under the BSD-2-Clause licence.]

-- 
Take care. Thanks, Brian Inglis                    Calgary, Alberta, Canada

La perfection est atteinte                    Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter   not when there is no more to add
mais lorsqu'il n'y a plus rien à retrancher   but when there is no more to cut
                                -- Antoine de Saint-Exupéry

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple
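The concatenate-then-re-parse step the quoted lighttpd comment objects to, as an added example that is not part of this thread and not Cygwin's, lighttpd's or Microsoft's code: a runner quotes each argv element for Microsoft's documented MSVCRT/CommandLineToArgvW argument rules, joins them into the one string CreateProcess() takes, and a checker re-parses that string with the same rules to confirm the round trip. Cygwin's own parser is not modelled; the rules implemented are assumed to be those Microsoft documents for C runtime argument parsing.

```python
# Added example, not Cygwin's or lighttpd's code: MSVCRT/CommandLineToArgvW quoting and re-parsing
import re

def quote_arg(arg: str) -> str:
    # quote only when needed, the scheme Python's subprocess.list2cmdline also uses
    if arg and not re.search(r'[ \t"]', arg):
        return arg
    body = re.sub(r'(\\*)"', r'\1\1\\"', arg)      # 2n+1 backslashes before each quote
    body = re.sub(r'(\\+)\Z', r'\1\1', body)       # double trailing backslashes
    return f'"{body}"'

def build_cmdline(argv):
    # the single string CreateProcess() receives, for the child to re-parse
    return ' '.join(quote_arg(a) for a in argv)

def parse_cmdline(cmdline: str):
    # MSVCRT argument rules; argv[0] really uses simpler rules, which this example ignores
    args, cur, in_quotes, have_arg, i = [], [], False, False, 0
    while i < len(cmdline):
        ch = cmdline[i]
        if ch == '\\':
            j = i
            while j < len(cmdline) and cmdline[j] == '\\':
                j += 1
            if j < len(cmdline) and cmdline[j] == '"':
                cur.append('\\' * ((j - i) // 2))
                if (j - i) % 2:
                    cur.append('"')                  # odd run: escaped literal quote
                else:
                    in_quotes = not in_quotes        # even run: the quote is a delimiter
                j += 1
            else:
                cur.append('\\' * (j - i))           # not before '"': all literal
            i, have_arg = j, True
        elif ch == '"':
            in_quotes, have_arg, i = not in_quotes, True, i + 1
        elif ch in ' \t' and not in_quotes:
            if have_arg:
                args.append(''.join(cur))
                cur, have_arg = [], False
            i += 1
        else:
            cur.append(ch)
            have_arg, i = True, i + 1
    if have_arg:
        args.append(''.join(cur))
    return args
```

Joining argv with plain spaces instead of quote_arg() lets an argument containing a space or a quote split or merge on re-parse, which is the class of problem the thread is about; comparing parse_cmdline(build_cmdline(argv)) with argv is the check a runner can apply to its own output.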