This is the mail archive of the cygwin-developers mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: DLL hijacking problem


On Aug 28 09:36, Lee wrote:
> On 8/28/10, Corinna Vinschen wrote:
> > On Aug 28 08:35, Lee wrote:
> >> Would cygwin1.dll still be loaded from the directory from which the
> >> application loaded or would I have to put a copy of cygwin1.dll into
> >> whatever GetSystemDirectory resolves to?
> >
> > Copying cygwin1.dll to the system directory was never correct, contains
> > to be so, and has nothing to do with the actual DLL hijacking problem.
> 
> Sorry - I thought an example of the DLL hijacking problem was if I had
> extension "foo" registered to be [processed? loaded?] by foo.exe and I
> doubleclicked on "datafile.foo" in windows explorer.

The security problem is not about DLLs in the same dir as the EXE, it's
about the CWD which is in the DLL search path.

> If foo.exe was built using cygwin, I have a c:\foo\foo.exe and
> c:\foo\cygwin1.dll and I double-click on Z:\datafile.foo in windows
> explorer ... my program still works after this patch is applied?

Yes.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]