This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: Cannot exec() program outside of /bin if PATH is unset
- From: Andrey Repin <anrdaemon at yandex dot ru>
- To: Christian Franke <Christian dot Franke at t-online dot de>, cygwin at cygwin dot com
- Date: Sat, 13 Sep 2014 01:29:35 +0400
- Subject: Re: Cannot exec() program outside of /bin if PATH is unset
- Authentication-results: sourceware.org; auth=none
- References: <5413271B dot 1010109 at t-online dot de> <54134A83 dot 80107 at redhat dot com> <54135451 dot 3060902 at t-online dot de>
- Reply-to: cygwin at cygwin dot com
Greetings, Christian Franke!
>>> Enabling the SetDllDirectory() Win32 call fixes the problem.
>>> Would possibly make sense to add this call to cygwin1.dll.
>> That said, just because POSIX has already given us the
>> get-out-of-jail-free card doesn't mean that we can't be nice and improve
>> cygwin1.dll to try and help broken programs that unset PATH.
> Hmm... is postfix actually broken?
> Unsetting PATH is IMO sane (from the POSIX POV) if all exec() calls use
> absolute path names.
If all exec() calls are made with full paths, unsetting $PATH does not improve
security in any way, but leave underlying system in an inconsistent state. As
you've witnessed yourself.
This is not limited to Cygwin1.dll, but to all other system DLL's that you
might need to load.
--
WBR,
Andrey Repin (anrdaemon@yandex.ru) 13.09.2014, <1:27>
Sorry for my terrible english...
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple