Re: Cannot exec() program outside of /bin if PATH is unset
On 2014-09-13 12:00, Christian Franke wrote:
> Eric Blake wrote:
>> (by passing an actual safe path, and NOT by completely unsetting PATH).
>>
>
> Disagree. The postfix master(8) spawns all of its daemons with PATH unset.
> This IMO does not violate POSIX.
>
> Note that setting PATH=/bin on Cygwin does not fix the security problem in
> the DLL search order. Even with "SafeDllSearchMode" enabled, the current
> directory is always checked before PATH. Running some Cygwin program from
> /usr/sbin, /usr/local/bin, /usr/libexec, ... would load a possible malicious
> cyg*.dll from current directory regardless of PATH setting. Only programs in
> /bin are safe.
>
> Using SetDllDirectory("c:\\cygwin\\bin") somewhere in cygwin1.dll would fix
> this also.
How could a call inside a DLL fix the library search order used
to find that same DLL? Yes, it is possible (or likely) that
SetDllDirectory fixes the immediate problem for processes that
are started *by* cygwin1.dll, but it is not effective for Cygwin
processes that are started by some direct use of the Win32 API.
Also, SetDllDirectory will kill all attempts to run 32-bit
Cygwin programs from 64-bit Cygwin (and vice versa).
Cheers,
Peter
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: Cannot exec() program outside of /bin if PATH is unset
(sorry for replying to self) On 2014-09-15 09:44, Peter Rosin wrote: > Also, SetDllDirectory will kill all attempts to run 32-bit > Cygwin programs from 64-bit Cygwin (and vice versa). At least I think so. Cheers, Peter -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: /usr/bin/install doesn't install files from Makefile
Am 2014-09-14 um 21:16 schrieb Marco Atzeri: On 14/09/2014 19:28, Michael Osipov wrote: On 14/09/2014 13:16, Michael Osipov wrote: Hi, I am trying to install an application which autoconf. While configure and make run fine, make install does it's job but no files and directories are created at the end. As if no action has happened. I am building asciidoc-8.6.9 from source. I am on Windows XP SP3. How can I figure out why install is silently failing? Thanks, Michael Is eventually installing in /usr/local ? It is indeed. I have also changed --prefix=$HOME/asciidoc. No avail also. that should work at configure step look on config.log for "prefix= .." setting That is the content of config.log: prefix='/home/mosipov/asciidoc' but it makes no difference. Nothing is installed again. Michael -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: Using DLL compiled with Cygwin inside Visual Studio 2010
On Sun, Sep 14, 2014 at 4:23 PM, Andrey Repin wrote: > Greetings, Csaba Raduly! > >>> B. **OFF-TOPIC**: How can I reply to a specific message in the mailing list? >>> I'm pretty sure that just mention the same title won't be enough. even >>> tho that what I'm trying to do right now... >>> I'm not subscribed to the list, so I can't just hit the "Reply" in my >>> mail (http gmail). > >> You could try hitting Reply and manually adding the mailing list >> address (c...@c... . com), or replacing the list of recipients with >> it. > > Reply to what?... He's not subscribed. To the email I assumed he received. He didn't mention how he got the message he was trying to reply to. Csaba -- GCS a+ e++ d- C++ ULS$ L+$ !E- W++ P+++$ w++$ tv+ b++ DI D++ 5++ The Tao of math: The numbers you can count are not the real numbers. Life is complex, with real and imaginary parts. "Ok, it boots. Which means it must be bug-free and perfect. " -- Linus Torvalds "People disagree with me. I just ignore them." -- Linus Torvalds -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: /usr/bin/install doesn't install files from Makefile
On Sun, Sep 14, 2014 at 1:16 PM, Michael Osipov wrote: > Hi, > > I am trying to install an application which autoconf. While configure and > make run fine, make install does it's job but no files and directories are > created at the end. As if no action has happened. > > I am building asciidoc-8.6.9 from source. I am on Windows XP SP3. > > How can I figure out why install is silently failing? Hi Michael, What's the output of "make install" ? Maybe the install target is just a no-op. Csaba -- GCS a+ e++ d- C++ ULS$ L+$ !E- W++ P+++$ w++$ tv+ b++ DI D++ 5++ The Tao of math: The numbers you can count are not the real numbers. Life is complex, with real and imaginary parts. "Ok, it boots. Which means it must be bug-free and perfect. " -- Linus Torvalds "People disagree with me. I just ignore them." -- Linus Torvalds -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: Cannot exec() program outside of /bin if PATH is unset
Peter Rosin wrote:
On 2014-09-13 12:00, Christian Franke wrote:
Note that setting PATH=/bin on Cygwin does not fix the security problem in the DLL search
order. Even with "SafeDllSearchMode" enabled, the current directory is always
checked before PATH. Running some Cygwin program from /usr/sbin, /usr/local/bin,
/usr/libexec, ... would load a possible malicious cyg*.dll from current directory
regardless of PATH setting. Only programs in /bin are safe.
Using SetDllDirectory("c:\\cygwin\\bin") somewhere in cygwin1.dll would fix
this also.
How could a call inside a DLL fix the library search order used
to find that same DLL? Yes, it is possible (or likely) that
SetDllDirectory fixes the immediate problem for processes that
are started *by* cygwin1.dll, but it is not effective for Cygwin
processes that are started by some direct use of the Win32 API.
Of course, and the same is true for any non-Cygwin program. The security
fix is effective only for any CreateProcess()/LoadLibrary() call within
the process which called SetDllDirectory(DIR_OF_SUBSYSTEM_DLLs).
Also, SetDllDirectory will kill all attempts to run 32-bit
Cygwin programs from 64-bit Cygwin (and vice versa).
For programs in /bin directory, there is no problem because the EXE's
directory is always searched first for required DLLs. SetDllDirectory()
then has no effect for cyg*.dll search order.
For other programs it also works because Windows (at least 7) apparently
skips 32-bit DLLs when searching for 64-bit ones (and vice versa). It is
then required that PATH contains the other Cygwin's /bin directory.
Testcase for calling 64-bit from 32-bit:
exe in /bin:
SetDllDirectory("c:\\cygwin\\bin");
unsetenv("PATH");
execl("/cygdrive/c/cygwin64/bin/uname", "uname", "-a", (const char*)0);
exe not in /bin:
SetDllDirectory("c:\\cygwin\\bin");
setenv("PATH", "/cygdrive/c/cygwin64/bin", 1);
execl("/cygdrive/c/cygwin64/usr/sbin/alternatives", "alternatives",
(const char*)0);
In both cases, the SetDllDirectory() call does not break anything.
Cheers,
Christian
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: Fwd: Need help port forwarding with ssh and cygwin...
Steven Dennis wrote: > So I went to > > http://docs.oracle.com/cd/E24628_01/install.121/e22624/preinstall_req_cygwin_ssh.htm I don't recommend following third-party instructions about how to make Cygwin work. There's plenty of good experienced people on this list willing to help and third-party instructions are notoriously unreliable. > On Sun, Sep 14, 2014 at 8:06 PM, Steven Dennis wrote: >> Forgot to include this >> >> Are you sure you want to continue connecting (yes/no)? yes >> Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts. >> Write failed: Broken pipe Are you running this from a Mintty window? The next thing I would try is "ssh -vvv". The debug output may give you a clue as to what is going wrong. You should also look at /var/log/sshd.log and the Windows Event Viewer for clues. -- David Rothenberger daver...@acm.org It is inconceivable that a judicious observer from another solar system would see in our species -- which has tended to be cruel, destructive, wasteful, and irrational -- the crown and apex of cosmic evolution. Viewing us as the culmination of *anything* is grotesque; viewing us as a transitional species makes more sense -- and gives us more hope. - Betty McCollister, "Our Transitional Species", Free Inquiry magazine, Vol. 8, No. 1 -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
