DMARC-Filter: OpenDMARC Filter v1.4.2 delorie.com 51AKYNKd093013
Authentication-Results: delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com
Authentication-Results: delorie.com; spf=pass smtp.mailfrom=cygwin.com
DKIM-Filter: OpenDKIM Filter v2.11.0 delorie.com 51AKYNKd093013
Authentication-Results: delorie.com;
	dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=wvC2xS+g
X-Recipient: archive-cygwin AT delorie DOT com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org C12823858401
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1739219661;
	bh=zH7TTOwUSrp4AvUPDMZlhO539zIjsrqjP6YxiYE1lwU=;
	h=Date:Subject:To:References:In-Reply-To:List-Id:List-Unsubscribe:
	 List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc:
	 From;
	b=wvC2xS+gTwbwSclotoXHPv5m+z4PvVXOx0oRc7FLoAC6Ohdif4ACMtSOcCvJkcbBY
	 RimnUIn2sFTSN+VVsM7lLprdKMsK4p5jRA6zsi7pMxzc66gcKqlFOwjvnwVCiw6SnL
	 KxSvWpoIdAUtceS2DJGx0YAVBOeANGE1I5+o10Q8=
X-Original-To: cygwin AT cygwin DOT com
Delivered-To: cygwin AT cygwin DOT com
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 0FBF43858C48
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 0FBF43858C48
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1739219623; cv=none;
 b=fgaLrF2J4sbL1BMX5im/VKBTkYaLJ3HUbPaYkC6xPL7cnT6T2ZHO17D+eDng1ePpfThOEQm6CO3H0NLYEl/hiKMeCIxIuUQZ+8kXIfa2ynTfw+wcPFa7/oeImPJtkBbhkffZ/fkU0f2eH5tXaKlZuJ9dvGmp+pQOS55ycIGSRLM=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
 t=1739219623; c=relaxed/simple;
 bh=/DihBVQopU0TXMmZd1guXlEKvwEP4nR2mJFuJUVB2bw=;
 h=Message-ID:Date:MIME-Version:From:Subject:To:DKIM-Signature;
 b=Av6Tc6fhJ9hYwPIlkRZGBXb697rIcvRpt+Bk4kLsOz5RJaadDBhvb8ojf4vpMBkEpHrbvsoPyEEw1AQ4faSvAzQ/IwUTlJ4ahbZLmX4Wjve1yZgNh0+t1pswVle/Rfgs4+jPScBqpIig0+P/IP8LWNX0x4uvV6dokop2YC8iG9g=
ARC-Authentication-Results: i=1; server2.sourceware.org
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 0FBF43858C48
Message-ID: <8ac24b73-54e9-470b-9fa8-6da07f3e2d42@SystematicSW.ab.ca>
Date: Mon, 10 Feb 2025 13:32:30 -0700
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Potential Argument Injection Issue in Cygwin's Command Line
 Handling
Content-Language: en-CA
To: cygwin AT cygwin DOT com
References: <CAM2z_YX8cbwea+he+83924SpZAdofp-srLk3Mzof2U4viXgctQ AT mail DOT gmail DOT com>
 <CAM2z_YVYuoq28ZzmZn1RTWdRYLNpGMgjBzRQnKdZ0bb4yTmv=w AT mail DOT gmail DOT com>
 <Z6ME2gh4Mu4Xz3pY AT xps13>
 <CAM2z_YUpN4RFCxxA9cLK=qU-vNqHNP7BTL0iFCM_eRg6Me3JrQ AT mail DOT gmail DOT com>
Autocrypt: addr=Brian DOT Inglis AT SystematicSW DOT ab DOT ca; keydata=
 xjMEXopx8xYJKwYBBAHaRw8BAQdAnCK0qv/xwUCCZQoA9BHRYpstERrspfT0NkUWQVuoePbN
 LkJyaWFuIEluZ2xpcyA8QnJpYW4uSW5nbGlzQFN5c3RlbWF0aWNTdy5hYi5jYT7ClgQTFggA
 PhYhBMM5/lbU970GBS2bZB62lxu92I8YBQJeinHzAhsDBQkJZgGABQsJCAcCBhUKCQgLAgQW
 AgMBAh4BAheAAAoJEB62lxu92I8Y0ioBAI8xrggNxziAVmr+Xm6nnyjoujMqWcq3oEhlYGAO
 WacZAQDFtdDx2koSVSoOmfaOyRTbIWSf9/Cjai29060fsmdsDM44BF6KcfMSCisGAQQBl1UB
 BQEBB0Awv8kHI2PaEgViDqzbnoe8B9KMHoBZLS92HdC7ZPh8HQMBCAfCfgQYFggAJhYhBMM5
 /lbU970GBS2bZB62lxu92I8YBQJeinHzAhsMBQkJZgGAAAoJEB62lxu92I8YZwUBAJw/74rF
 IyaSsGI7ewCdCy88Lce/kdwX7zGwid+f8NZ3AQC/ezTFFi5obXnyMxZJN464nPXiggtT9gN5
 RSyTY8X+AQ==
Organization: Systematic Software
In-Reply-To: <CAM2z_YUpN4RFCxxA9cLK=qU-vNqHNP7BTL0iFCM_eRg6Me3JrQ@mail.gmail.com>
X-Rspamd-Queue-Id: 8C46B20012
X-Stat-Signature: e49pbjiymux7e9j3ahfeu3r5dz9zswi7
X-Rspamd-Server: rspamout05
X-Session-Marker: 427269616E2E496E676C69734053797374656D6174696353572E61622E6361
X-Session-ID: U2FsdGVkX1/6iSZ2/4kdi/EzGHXtzD0gPEWX7vJ/XQ8=
X-HE-Tag: 1739219551-503306
X-HE-Meta: U2FsdGVkX1/kdDm6aMfzSyw675nLEchALNYQvhE1zA5FJCiEz8jTyvhrcVqluTRFb4FG1fSaKaYZHhFBoagH+tny6fVfVmNgUNqjSVEQlzeVf9nDDz3KW951Eyp/4SJLC2UVwPA7r1bug2HfPcZD7zLEKpv5+ca0xVYcSEqycYCGe9tc/7yWcH1Q9qhuqq0KKiMSKVSeGULYO6WFRfsbgUuREEcHirUuXfdVb9wmE0MT0kZA+xjQEu8PrXuLREAhMVPV3Z9OpdYlyyzPugz8VmRLPVKO7bR01A2B6mmz0rrA4wLWr5GzRl4UCadrRx3/Zroh1SxY2BGv0CnbUeuNiwTySVf6RBm0O9A86jNBefwYVQzVHNr5w5v7bo7FFxyiRgUCDpE1ZgEV0+zGTIzXnCQyPC5123CF5XoIuAA3LWx4qJpwDeG9L6/O4jny972CB6zirJD5bfbqkJIl5p8x0A==
X-BeenThere: cygwin AT cygwin DOT com
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin>,
 <mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
 <mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From: Brian Inglis via Cygwin <cygwin AT cygwin DOT com>
Reply-To: cygwin AT cygwin DOT com
Cc: Brian Inglis <Brian DOT Inglis AT SystematicSW DOT ab DOT ca>
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Errors-To: cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com
Sender: "Cygwin" <cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from base64 to 8bit by delorie.com id 51AKYNKd093013

On 2025-02-09 20:48, Splitline Ng via Cygwin wrote:
>> Windows is security deficient in this area, not Cygwin.
>>
>> I'll quote myself to share my opinion:
>> https://git.lighttpd.net/lighttpd/lighttpd1.4/src/branch/master/src/fdevent_win32.c#L543
>>       * The Microsoft CreateProcess() interface is criminally broken.
>>       * Forcing argument strings to be concatenated into a single string
>>       * only to be re-parsed by Windows can lead to security issues.
>>       *
>>       * Above comment from 2021 was true then as now in 2025
>>       * https://blog.orange.tw/posts/2025-01-worstfit-unveiling-hidden-transformers-in-windows-ansi/
> 
> Yes, I agree with you, this design has always been really problematic,
> that was totally a bad idea. But at this point, it's probably a huge
> design debt, and I imagine it’s not an easy fix for Microsoft.
> 
> Back to this issue, the argument parsing logic is indeed handled by
> Cygwin itself, not Windows. So regardless of the question of who
> should be held responsible for this, I think it’s still reasonable to
> follow the convention. At the very least, it might be a minor
> inconvenience for some regular users.

What part of "Cygwin - Get that Linux feeling - on Windows" - do you not get?

Cygwin's goals are to be as POSIX/Unix*/Linux compatible as possible by working 
around Windows' bugs, issues, and limitations, while supporting some 
interoperability with Windows programs and systems (less as we add more 
POSIX/Unix/Linux compatible support).

Starting Windows programs with command line arguments from Cygwin programs and 
shells may require the runner to take account of and work around Cygwin's 
conventions, just as starting Cygwin programs with command line arguments from 
Windows programs and shells may require the runner to take account of and work 
around Windows' conventions.

One can avoid any issues by running Cygwin programs only from other Cygwin 
programs, and Windows programs only from other Windows programs.

*[I say Unix because while we want to be UNIX® AKA SUSV5 Core compatible, we 
also want to be compatible with the original Unix legacy embodied in 
SunOS/SysV/Solaris, and BSD releases, from which our libc newlib borrows some 
code with ~1500 refs in ~600 files, and Cygwin has ~600 refs in ~200 files, with 
*all* patches submitted under the BSD-2-Clause licence.]

-- 
Take care. Thanks, Brian Inglis              Calgary, Alberta, Canada

La perfection est atteinte                   Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter  not when there is no more to add
mais lorsqu'il n'y a plus rien à retrancher  but when there is no more to cut
                                 -- Antoine de Saint-Exupéry

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple