This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Cannot exec() program outside of /bin if PATH is unset


Andrey Repin wrote:
Hmm... is postfix actually broken?
Unsetting PATH is IMO sane (from the POSIX POV) if all exec() calls use
absolute path names.
If all exec() calls are made with full paths, unsetting $PATH does not improve
security in any way,

Of course. But postfix could be configured to run "unknown" external programs through its various daemons. In this case, a fixed (here: empty) PATH improves security. If not convinced, please discuss with the author of postfix :-)


but leave underlying system in an inconsistent state.

I don't see any added inconsistencies, please explain.


This is not limited to Cygwin1.dll, but to all other system DLL's that you
might need to load.

No. The "system" (aka "Windows") DDLs are always found due to the built-in defaults which *precede* PATH:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms682586.aspx

The Cygwin "system" DLLs may be not found if PATH is modified/unset, therefore I suggested to fix this by a SetDllDirectory() call.


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]