Mail Archives: cygwin/2025/06/11/20:58:29

Date: Wed, 11 Jun 2025 17:57:20 -0700 (PDT)
To: Sam Edge via Cygwin <cygwin AT cygwin DOT com>
Subject: Re: Path prefix //./ in Cygwin
In-Reply-To: <2fcf0555-2ea5-41d1-bd42-68fab89a189a@gmx.com>
Message-ID: <b4cbb08a-52b8-fd53-f85b-825b465cd61a@jdrake.com>
References: <93fd79f3-bb39-79c2-8e78-57c4af356e54 AT jdrake DOT com>
<2fcf0555-2ea5-41d1-bd42-68fab89a189a AT gmx DOT com>
From: Jeremy Drake via Cygwin <cygwin AT cygwin DOT com>
Reply-To: Jeremy Drake <cygwin AT jdrake DOT com>

On Thu, 12 Jun 2025, Sam Edge via Cygwin wrote:

> I would think that if you're building something against Cygwin, it's probably
> best to assume it's POSIX where only forward-slash is special and not try to
> second-guess.

This is unsafe, and actually where the Rust PR started out.  If you only
treat '/' as special, a program may be tricked into allowing path
traversal with file/directory names like '..\..' or 'C:\Windows' which
are not path traversing or absolute paths in POSIX.

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple
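
The point made in the message above, as an added example that is not part of the original post or of the Rust PR: a containment check that treats only '/' as special accepts the two names quoted in the message, while a check that also applies Windows path rules rejects them. The function names and sample names are constructed for illustration, and Python's `ntpath` module is used here as a stand-in for Windows path rules; it does not reproduce Cygwin's own path conversion.

```python
import ntpath
import posixpath


def naive_is_contained(name: str) -> bool:
    """POSIX-only view: '/' is the only separator (the assumption the post calls unsafe)."""
    if posixpath.isabs(name):
        return False
    return ".." not in name.split("/")


def strict_is_contained(name: str) -> bool:
    """Reject names that escape under either POSIX or Windows path rules."""
    if not naive_is_contained(name):
        return False
    # A drive letter ("C:") or UNC prefix ("\\\\server\\share") makes the name
    # absolute or drive-relative on Windows. This also rejects any name with a
    # colon after its first character, which is deliberately conservative.
    drive, rest = ntpath.splitdrive(name)
    if drive or rest.startswith(("/", "\\")):
        return False
    # Treat '\\' as a separator too, so "..\\.." is seen as two ".." components.
    return ".." not in rest.replace("\\", "/").split("/")


# Constructed sample names, including the two quoted in the message.
SAMPLES = [
    "docs/readme.txt",
    "../secret",
    "..\\..",
    "C:\\Windows",
    "\\\\server\\share\\file",
    "sub\\file.txt",
]


def classify(names):
    """Map each name to (naive verdict, strict verdict)."""
    return {n: (naive_is_contained(n), strict_is_contained(n)) for n in names}


if __name__ == "__main__":
    for name, (naive, strict) in classify(SAMPLES).items():
        print(f"{name!r:28} naive={naive!s:5} strict={strict}")
```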
