This is the mail archive of the cygwin-developers mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: About the dll search algorithm of dlopen (patch-r3)


Hi Michael,

On Aug 30 18:41, Michael Haubenwallner wrote:
> On 08/30/2016 03:35 PM, Corinna Vinschen wrote:
> > Not well thought out, just an idea kicking around:
> > 
> > Apart from the obvious system path handling, what if other lib->bin
> > transitions only take place if the calling application is installed
> > in that very bin dir...?
> 
> Interesting idea - might work indeed! Even for prefix=/usr, to
> have consistent behaviour across different application prefixes.

Actually, no.  This test is not ok for the system DLL path, because
system DLLs are expected to exist for all applications, even those
not installed in a a system path itself.

> For safety regarding the application dir: If one can write to the
> application dir, couldn't one put a malicious kernel32.dll there
> as well, and/or an empty application.exe.local for dll redirection?

I'm not overly fluent with the .local stuff, but the kernel32.dll thingy
should work as desired since kernel32.dll is one of the KnownDLLs.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: signature.asc
Description: PGP signature


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]