Updated: setup (2.930)

Jon Turney jon.turney@dronecode.org.uk
Fri Feb 9 13:36:18 GMT 2024

On 09/02/2024 02:17, Kaz Kylheku via Cygwin wrote:
> I see the commit: https://cygwin.com/cgit/cygwin-apps/setup/commit/?id=0122154811bacdd7dc042cff0c80bb0a36af360c
> I'm curious, what improvement arises out of looking up the SetDefaultDllDirectories
> function dynamically in kernel32.dll?
> Is it the case that malicious software can interpose itself somehow such that
> the statically linked SetDefaultDllDirectories call goes elsewhere other than
> kernel32.dll, which we can thwart by asking for the genuine article in kernel32.dll?

You're looking at the wrong commit there.

The dynamic lookup merely ensures that setup continues to work at all on 
Windows versions (<6.0), which don't support that function.

Instead look at:


More information about the Cygwin mailing list