From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Robert Collins" To: "David A. Cobb" Cc: Subject: Re: DLL naming conventions Date: Tue, 05 Sep 2000 15:08:00 -0000 Message-id: <008701c01785$3c26f850$f7c723cb@lifelesswks> References: <17B78BDF120BD411B70100500422FC6309E0C7@IIS000> <002501c016b3$0ea0f340$f7c723cb@lifelesswks> <39B56AF5.6576BDAE@home.com> X-SW-Source: 2000-09/msg00168.html ----- Original Message ----- From: "David A. Cobb" To: "Robert Collins" Cc: Sent: Wednesday, September 06, 2000 8:51 AM Subject: Re: DLL naming conventions > Robert Collins wrote: > > > There a path trick used in system integration on *metaframe/ NT Terminal > > Server* machines to keep dll hell to a minimum - I just remembered it... > > > > adding (windows path format) .\bin;..\bin;..\..\bin; to the front if your > > path allowed different applications to find different versions of dlls with > > the same name, the installer just moved the customised .dll to the farthest > > point in the path that did cause issues... > > > > maybe a similar trick could help? Although it doesn't get round the > > in-mmeory issue for win9x/nt 4.0 workstation & server > > > > And I responded enthusiastically, at first glance. However, having "./" at > the front of the $PATH is also a well-known security trapdoor: User enters name > of a "system" script X which uses command Y; user replaces Y with a script in > her local directory; Y runs in a context (say su) where it can do some damage. yes I recall that... what prevents a user writing a well know script to c:\windows\system on win9x? also I'm not suggestign "./", rather "./bin" which may well introduce the same issue... but ignoring 9x (as above) within a users directory on NT with ntsec only that user or an admin should be placing new files.. So user knows what is there unless they are downloading tars that put things in funny locations, without checking the contents (which is a bigger risk IMHO). Imagine putting a compromised bash 'upgrade' on your system... I think given the platform, it's a minor issue. But anyway it doesnt tackle in-memory .dll's so it's a moot point. > -- > David A. Cobb, Software Engineer, Public Access Advocate > "Don't buy or use crappy software" > "By the grace of God I am a Christian man, > by my actions a great sinner" -- The Way of a Pilgrim [R. M. French, tr.] > > > Rob -- Want to unsubscribe from this list? Send a message to cygwin-unsubscribe@sourceware.cygnus.com