This is the mail archive of the cygwin@sources.redhat.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Re: DLL naming conventions


----- Original Message -----
From: "David A. Cobb" <superbiskit@home.com>
To: "Robert Collins" <robert.collins@itdomain.com.au>
Cc: <cygwin@sources.redhat.com>
Sent: Wednesday, September 06, 2000 8:51 AM
Subject: Re: DLL naming conventions


> Robert Collins wrote:
>
> > There a path trick used in system integration on *metaframe/ NT Terminal
> > Server* machines to keep dll hell to a minimum - I just remembered it...
> >
> > adding (windows path format) .\bin;..\bin;..\..\bin; to the front if
your
> > path allowed different applications to find different versions of dlls
with
> > the same name, the installer just moved the customised .dll to the
farthest
> > point in the path that did cause issues...
> >
> > maybe a similar trick could help? Although it doesn't get round the
> > in-mmeory issue for win9x/nt 4.0 workstation & server
> >
>
> And I responded enthusiastically, at first glance.  However, having "./"
at
> the front of the $PATH is also a well-known security trapdoor:  User
enters name
> of a "system" script X which uses command Y; user replaces Y with a script
in
> her local directory; Y runs in a context (say su) where it can do some
damage.

yes I recall that... what prevents a user writing a well know script to
c:\windows\system on win9x?

also I'm not suggestign "./", rather  "./bin" which may well introduce the
same issue... but ignoring 9x (as above) within a users directory on NT with
ntsec only that user or an admin should be placing new files.. So user knows
what is there unless they are downloading tars that put things in funny
locations, without checking the contents (which is a bigger risk IMHO).
Imagine putting a compromised bash 'upgrade' on your system...

I think given the platform, it's a minor issue. But anyway it doesnt tackle
in-memory .dll's so it's a moot point.


> --
> David A. Cobb, Software Engineer, Public Access Advocate
> "Don't buy or use crappy software"
> "By the grace of God I am a Christian man,
>  by my actions a great sinner" -- The Way of a Pilgrim [R. M. French, tr.]
>
>
>

Rob


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]