This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: Cannot exec() program outside of /bin if PATH is unset
- From: Christian Franke <Christian dot Franke at t-online dot de>
- To: cygwin at cygwin dot com
- Date: Sat, 13 Sep 2014 00:50:44 +0200
- Subject: Re: Cannot exec() program outside of /bin if PATH is unset
- Authentication-results: sourceware.org; auth=none
- References: <5413271B dot 1010109 at t-online dot de> <54134A83 dot 80107 at redhat dot com> <54135451 dot 3060902 at t-online dot de> <601154762 dot 20140913012935 at yandex dot ru>
Andrey Repin wrote:
Hmm... is postfix actually broken?
Unsetting PATH is IMO sane (from the POSIX POV) if all exec() calls use
absolute path names.
If all exec() calls are made with full paths, unsetting $PATH does not improve
security in any way,
Of course. But postfix could be configured to run "unknown" external
programs through its various daemons. In this case, a fixed (here:
empty) PATH improves security. If not convinced, please discuss with the
author of postfix :-)
but leave underlying system in an inconsistent state.
I don't see any added inconsistencies, please explain.
This is not limited to Cygwin1.dll, but to all other system DLL's that you
might need to load.
No. The "system" (aka "Windows") DDLs are always found due to the
built-in defaults which *precede* PATH:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms682586.aspx
The Cygwin "system" DLLs may be not found if PATH is modified/unset,
therefore I suggested to fix this by a SetDllDirectory() call.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple