X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
Date: Tue, 16 Mar 2010 16:07:00 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: allow executing a path in backslash notation
Message-ID: <20100316150700.GZ6505@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <435451 DOT 56628 DOT qm AT web88306 DOT mail DOT re4 DOT yahoo DOT com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <435451.56628.qm@web88306.mail.re4.yahoo.com>
User-Agent: Mutt/1.5.20 (2009-06-14)
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Mar 15 12:32, Ilguiz Latypov wrote:
> 
> > This has been changed deliberately, otherwise
> > the execp functions have a potential security problem.  If you omit the
> > NNF flag, the function returns the original path unchanged, instead of
> > NULL.
> 
> I see that my conjecture about the root cause of the observed inconsistency was incorrect.  But my conjecture was only secondary to the patch.  The conjecture was about spawnvpe() succeeding where execvp() failed.  Your answer means that spawnvpe() should also call find_exec() with the extra 2 parameters, "PATH=" and FE_NNF.
> 
> Is my primary concern still valid?  I.e., should execvp..()/spawnvp..() succeed in executing backslash notation of relative and absolute paths?  If these inputs should be allowed, did my patch address the issue correctly?
> 
> I agree that a basename-only path should not resolve against current directory according to the execvp..() specs.  I believe the relative and absolute paths are allowed to resolve.

I checked this situation in cmd.exe, and it is not capable of using
paths relativ to %Path%.  In other words, if %Path% contains a path
c:\foo and you have two files C:\foo\baz.exe and C:\foo\bar\baz.exe,
then calling "baz" works, but calling "bar\baz" fails.  OTOH, the
SearchPath function does it right.

So, yes, maybe we should care for this situation but it's not something
to worry about a lot.  I'll look into it again at some point after 1.7.2
has been released.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple