This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: allow executing a path in backslash notation


> This has been changed deliberately, otherwise
> the execp functions have a potential security problem.  If you omit the
> NNF flag, the function returns the original path unchanged, instead of
> NULL.

I see that my conjecture about the root cause of the observed inconsistency was incorrect.  But my conjecture was only secondary to the patch.  The conjecture was about spawnvpe() succeeding where execvp() failed.  Your answer means that spawnvpe() should also call find_exec() with the extra 2 parameters, "PATH=" and FE_NNF.

Is my primary concern still valid?  I.e., should execvp..()/spawnvp..() succeed in executing backslash notation of relative and absolute paths?  If these inputs should be allowed, did my patch address the issue correctly?

I agree that a basename-only path should not resolve against current directory according to the execvp..() specs.  I believe the relative and absolute paths are allowed to resolve.

-- 

Attachment: cygwin-dos-compatibility.txt
Description: Text document

Attachment: exec.c
Description: Text document

Attachment: exec-test-case2.txt
Description: Text document

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]