From: Andrey Repin
To: Christian Franke, cygwin@cygwin.com
Date: Fri, 12 Sep 2014 21:56:00 -0000
Subject: Re: Cannot exec() program outside of /bin if PATH is unset
Message-ID: <601154762.20140913012935@yandex.ru>
In-Reply-To: <54135451.3060902@t-online.de>

Greetings, Christian Franke!

>>> Enabling the SetDllDirectory() Win32 call fixes the problem.
>>> Would possibly make sense to add this call to cygwin1.dll.
>> That said, just because POSIX has already given us the
>> get-out-of-jail-free card doesn't mean that we can't be nice and improve
>> cygwin1.dll to try and help broken programs that unset PATH.

> Hmm... is postfix actually broken?
> Unsetting PATH is IMO sane (from the POSIX POV) if all exec() calls use
> absolute path names.

If all exec() calls are made with full paths, unsetting $PATH does not improve
security in any way, but leaves the underlying system in an inconsistent state.
As you've witnessed yourself.
This is not limited to Cygwin1.dll, but applies to all other system DLLs that
you might need to load.

--
WBR,
Andrey Repin (anrdaemon@yandex.ru) 13.09.2014, <1:27>

Sorry for my terrible English...