Updated: setup (2.930)
Jon Turney
jon.turney@dronecode.org.uk
Fri Feb 9 13:36:18 GMT 2024
On 09/02/2024 02:17, Kaz Kylheku via Cygwin wrote:
>
> I see the commit: https://cygwin.com/cgit/cygwin-apps/setup/commit/?id=0122154811bacdd7dc042cff0c80bb0a36af360c
>
> I'm curious, what improvement arises out of looking up the SetDefaultDllDirectories
> function dynamically in kernel32.dll?
>
> Is it the case that malicious software can interpose itself somehow such that
> the statically linked SetDefaultDllDirectories call goes elsewhere other than
> kernel32.dll, which we can thwart by asking for the genuine article in kernel32.dll?
You're looking at the wrong commit there.
The dynamic lookup merely ensures that setup continues to work at all on
Windows versions (<6.0), which don't support that function.
Instead look at:
https://cygwin.com/cgit/cygwin-apps/setup/commit/?id=86c0ada12dce4403a9b796380fde9e5c1824734f
More information about the Cygwin
mailing list