On 09/02/2024 02:17, Kaz Kylheku via Cygwin wrote:
I see the commit:
https://cygwin.com/cgit/cygwin-apps/setup/commit/?id=0122154811bacdd7dc042cff0c80bb0a36af360c
I'm curious, what improvement arises out of looking up the
SetDefaultDllDirectories
function dynamically in kernel32.dll?
Is it the case that malicious software can interpose itself somehow such that
the statically linked SetDefaultDllDirectories call goes elsewhere other than
kernel32.dll, which we can thwart by asking for the genuine article in
kernel32.dll?
You're looking at the wrong commit there.
The dynamic lookup merely ensures that setup continues to work at all on
Windows versions (<6.0), which don't support that function.
Instead look at:
https://cygwin.com/cgit/cygwin-apps/setup/commit/?id=86c0ada12dce4403a9b796380fde9e5c1824734f
--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
