Path prefix //./ in Cygwin
Sam Edge
sam.edge.cygwin@gmx.com
Thu Jun 12 01:14:13 GMT 2025
On 12/06/2025 01:57, Jeremy Drake wrote:
> On 2025年6月12日, Sam Edge via Cygwin wrote:
>>> I would think that if you're building something against Cygwin, it's probably
>> best to assume it's POSIX where only forward-slash is special and not try to
>> second-guess.
>> This is unsafe, and actually where the rust PR started out. If you only
> treat '/' as special, a program may be tricked into allowing path
> traversal with file/directory names like '..\..' or 'C:\Windows' which
> are not path traversing or absolute paths in POSIX.
That's true. I don't know but is there a way of configuring a Cygwin
executable or DLL lib - via a DLL-init or exe-main early call for
example - so that subsequent calls that involve Cygwin's path handler
don't try to 'be helpful'?
Out of my depth here re gory details so perhaps the gurus might be able
to shed more light.
(Or to put it another way, I'll get my coat.)
--
Sam Edge
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x8AC2CEBF54528E30.asc
Type: application/pgp-keys
Size: 648 bytes
Desc: OpenPGP public key
URL: <https://cygwin.com/pipermail/cygwin/attachments/20250612/7bf0756e/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <https://cygwin.com/pipermail/cygwin/attachments/20250612/7bf0756e/attachment-0001.sig>
More information about the Cygwin
mailing list