DMARC-Filter: OpenDMARC Filter v1.4.2 delorie.com 51B2c9AS186605
Authentication-Results: delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com
Authentication-Results: delorie.com; spf=pass smtp.mailfrom=cygwin.com
DKIM-Filter: OpenDKIM Filter v2.11.0 delorie.com 51B2c9AS186605
Authentication-Results: delorie.com;
	dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=xpmLkozN
X-Recipient: archive-cygwin AT delorie DOT com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 110F0385840F
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1739241489;
	bh=mG7Krzh6aI2nIpzwbOZAR/v6eiKlIAIl6tlmK/OBsYk=;
	h=Date:To:Cc:Subject:In-Reply-To:References:List-Id:
	 List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:
	 From:Reply-To:From;
	b=xpmLkozN3NpUVPM2us4VG1Hb6dFyw9mV1lm7os5jjft+criqH7b8hOJhywjVpibyx
	 9fuIJeI3PAmcTDNuTXGZgkbJxaGg7POeADndbhu9zo56taentsbmdZY47nUF0F9xdg
	 D3wKarEwjTKAkY5Q0mn27/y1q7ns06JyWgLmXnN4=
X-Original-To: cygwin AT cygwin DOT com
Delivered-To: cygwin AT cygwin DOT com
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 846843858403
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 846843858403
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1739241460; cv=none;
 b=Il4otgm1L9vnDVwcf4/u0ODJq9GawIxZ+zxioNziIEMo4emkjLkZm3kNN81DPmz2QxktmTXHJfMYsG3mkasha4RT0uYAZ+wyenxb7vkp+yvxPuLGZyl/yGtK5R0H44M9mOp8GURvUXKb2BsZu1AFHzl9VqTTcnXDYb6HZIOrNlQ=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
 t=1739241460; c=relaxed/simple;
 bh=81kMYwfwOj2xw9zgtcd+aaRQqVfaL/UVyADsB8H4owk=;
 h=MIME-Version:Date:From:To:Subject:Message-ID;
 b=MkWLPWCHmGxwai677t9hzAQ+llxYRiGaGw+Sluuvqmw0MFue2ltOWc2MLYdzXSLEjkBKlRf9W6sBHy8ZNh4DyVnCbK45BdSrI4SZ0/NSFiaSQQbH+c0AWIfJOp5MZKTC+YFPT+fSsQMzsexzOKcg4g7gT3GKWbCDlZaY7VBXCX0=
ARC-Authentication-Results: i=1; server2.sourceware.org
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 846843858403
MIME-Version: 1.0
Date: Mon, 10 Feb 2025 18:36:46 -0800
To: Splitline Huang <splitline AT devco DOT re>
Cc: cygwin AT cygwin DOT com
Subject: Re: Potential Argument Injection Issue in Cygwin's Command Line
 Handling
In-Reply-To: <CAM2z_YX8cbwea+he+83924SpZAdofp-srLk3Mzof2U4viXgctQ@mail.gmail.com>
References: <CAM2z_YX8cbwea+he+83924SpZAdofp-srLk3Mzof2U4viXgctQ AT mail DOT gmail DOT com>
User-Agent: Roundcube Webmail/1.4.15
Message-ID: <3bf788cf710dd82324a81639098558f5@kylheku.com>
X-Sender: kaz AT kylheku DOT com
X-MagicMail-OS: Unknown
X-MagicMail-UUID: 2937226e-e821-11ef-90cf-005056953255
X-MagicMail-Authenticated: fuck DOT telus AT novus DOT ca
X-MagicMail-SourceIP: 104.37.63.7
X-MagicMail-RegexMatch: 1
X-MagicMail-EnvelopeFrom: <fuck DOT telus AT novus DOT ca>
X-BeenThere: cygwin AT cygwin DOT com
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin>,
 <mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
 <mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From: Kaz Kylheku via Cygwin <cygwin AT cygwin DOT com>
Reply-To: Kaz Kylheku <kaz AT kylheku DOT com>
Content-Type: text/plain; charset="utf-8"
Errors-To: cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com
Sender: "Cygwin" <cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from base64 to 8bit by delorie.com id 51B2c9AS186605

On 2025-02-03 22:15, Splitline Huang via Cygwin wrote:
> Hello Cygwin team,
> 
> I am splitline from DEVCORE research team. I recently have observed an
> inconsistency
> in how Cygwin handles command-line parsing compared to Microsoft’s
> implementation.

Hi,

I maintain a small fork of the Cygwin DLL called Cygnal.

https://www.kylheku.com/cygnal/

The purpose of Cygnal is to leverage Cygwin as a run-time for "native"
Windows applications. 

It gives us a beautfiful development workflow: you simply write
your program under Cygwin as a Cygwin program, compiling with the Cygwin
GCC suite. You can test your program and make sure it functions
as a Cygwin application.

Then you can slide the cygwin1.dll under it, which brings back certain
Windows-like behaviors. Test it that way and ship it to Windows
users who don't know anything about POSIX or Cygwin.
(And also ship it as Cygwin program to Cygwin people too!)

In the Cygnal project, I /do/ care about interoperability with Windows
programs. I'd like a Cygnal program to accept arguments the same way
as something that calls CommandLineToArgvW, or the same way as a
Visual C++ program that begins with wmain.

I don't want Cygnal programs to be susceptible to the alleged argument
injection when invoked by non-Cygwin applications that are following
the Microsoft-recommended command line convention.

Therefore, if you produce a good patch for this issue, I will
likely merge it in the Cygnal project, even if Cygwin doesn't want it.

The patch has to address both generation of arguments when invoking
processes, as well as parsing.

Quite recently, Cygwin developer Corina Vinschen pointed me (via
a post in this mailing list) to where the commanda rgument parsing
logic takes place. It's under the function dll_crt0_1 in the file
dcrt0.cc. Here, I think:

https://cygwin.com/cgit/newlib-cygwin/tree/winsup/cygwin/dcrt0.cc#n800

This calls something called build_argv, in the same file.

In the Cygnal project, I don't care for having argv[0] massaged
for POSIX conventions, either.

Somewhere under the exec family of functions there is code for
the reverse: encoding arguments into a Windows sommand line.

Cheers ...

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple