This is the mail archive of the
cygwin-developers
mailing list for the Cygwin project.
Re: src/winsup/utils ChangeLog cygcheck.cc cygpath ...
- From: Andy Koppe <andy dot koppe at gmail dot com>
- To: cygwin-developers at cygwin dot com
- Date: Sat, 28 Aug 2010 14:45:13 +0100
- Subject: Re: src/winsup/utils ChangeLog cygcheck.cc cygpath ...
- References: <20100828112237.6497.qmail@sourceware.org>
> CVSROOT: Â Â Â Â/cvs/src
> Module name: Â Âsrc
>
> Modified files:
>    Âwinsup/utils  : ChangeLog cygcheck.cc cygpath.cc ldh.cc
> Â Â Â Â Â Â Â Â Â Â Â Â locale.cc mkgroup.c mkpasswd.c module_info.cc
> Â Â Â Â Â Â Â Â Â Â Â Â path.cc ps.cc regtool.cc strace.cc
> Added files:
>    Âwinsup/utils  : loadlib.h
>
> Log message:
> Â Â Â Â* loadlib.h: New header implementing safe LoadLibrary calls.
> Â Â Â ÂInclude throughout files using LoadLibrary function.
> Â Â Â Â* cygcheck.cc (dump_sysinfo): Retrieve kernel32.dll handle via
> Â Â Â ÂGetModuleHandle, rather than using LoadLibrary.
> Â Â Â Â* cygpath.cc (get_long_name): Ditto.
> Â Â Â Â(do_sysfolders): Append .dll suffix in LoadLibrary call.
> Â Â Â Â* ldh.cc (WinMain): Use LoadLibraryExW with DONT_RESOLVE_DLL_REFERENCES
> Â Â Â Âto avoid loading malicious library code.
> Â Â Â Â* locale.cc (print_locale_with_codeset): Change way to retrieve
> Â Â Â Âkernel32.dll path.
I'm not convinced about the approach of #defining LoadLibrary, because
it's very easy to forget to include loadlib.h, and there's no way to
tell from just looking at a LoadLibrary("bla") call whether it's safe.
Andy