On 2025-06-11 18:57, Jeremy Drake via Cygwin wrote:
On Thu, 12 Jun 2025, Sam Edge via Cygwin wrote:
I would think that if you're building something against Cygwin, it's probably
best to assume it's POSIX where only forward-slash is special and not try to
second-guess.
This is unsafe, and actually where the rust PR started out. If you only
treat '/' as special, a program may be tricked into allowing path
traversal with file/directory names like '..\..' or 'C:\Windows' which
are not path traversing or absolute paths in POSIX.
Depending on their repetition or handling, these could either be treated as
quoted single character backslashes \. or backslash special characters mapped
into the Unicode BMP (Basic Multilingual Plane) PUA (Private Use Area) U+0E000+
as \u005c -> \U0E05c.
--
Take care. Thanks, Brian Inglis Calgary, Alberta, Canada
La perfection est atteinte Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add
mais lorsqu'il n'y a plus rien à retrancher but when there is no more to cut
-- Antoine de Saint-Exupéry
--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
