On 12/06/2025 01:57, Jeremy Drake wrote:
On Thu, 12 Jun 2025, Sam Edge via Cygwin wrote:I would think that if you're building something against Cygwin, it's probably best to assume it's POSIX where only forward-slash is special and not try to second-guess.This is unsafe, and actually where the rust PR started out. If you only treat '/' as special, a program may be tricked into allowing path traversal with file/directory names like '..\..' or 'C:\Windows' which are not path traversing or absolute paths in POSIX.
That's true. I don't know but is there a way of configuring a Cygwin executable or DLL lib - via a DLL-init or exe-main early call for example - so that subsequent calls that involve Cygwin's path handler don't try to 'be helpful'?
Out of my depth here re gory details so perhaps the gurus might be able to shed more light.
(Or to put it another way, I'll get my coat.) -- Sam Edge
OpenPGP_0x8AC2CEBF54528E30.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
-- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
