newlib/winsup
Corinna Vinschen 530b866c8e Cygwin: fix quoting when starting invisible console process
fhandler_console::create_invisible_console_workaround() does not use the
lpApplicationName parameter and neglects to quote its command name on
lpCommandLine in the call to CreateProcessW.

Given CreateProcessW's brain-dead method to evaluate the application
path given on the command line, this opens up a security problem if
Cygwin is installed into a path with spaces in it.

Fix this by using the lpApplicationName parameter and quoting of the
application path in the lpCommandLine parameter (used as argv[0] in
the called console helper).

For extended paranoia, make the argument string array big enough to
fit full 64 bit pointer values into it.  Handles usually only use
the lower 32 bit, but better safe than sorry.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-11-05 11:51:55 +01:00
..
CVSChangeLogs.old
cygserver Cygwin: fix GCC 8.3 'local external declaration' errors 2019-07-17 11:08:20 -04:00
cygwin Cygwin: fix quoting when starting invisible console process 2019-11-05 11:51:55 +01:00
doc Cygwin: document recent changes to format_proc_cpuinfo 2019-10-07 16:06:28 -04:00
lsaauth
testsuite
utils Cygwin: pty: Prevent the helper process from exiting by Ctrl-C. 2019-09-14 09:17:27 -04:00
acinclude.m4
aclocal.m4
autogen.sh
c++wrap
ccwrap
config.guess
config.sub
configure Cygwin: seteuid: disable unused funcs and lsaauth subdir 2019-01-28 10:24:18 +01:00
configure.ac Cygwin: seteuid: disable unused funcs and lsaauth subdir 2019-01-28 10:24:18 +01:00
configure.cygwin
CONTRIBUTORS Cygwin: Add J.H. van de Water to CONTRIBUTORS 2018-08-15 18:02:22 +02:00
COPYING
COPYING.LIB
CYGWIN_LICENSE
install-sh
Makefile.common
Makefile.in
README

THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESSED OR
IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

Cygwin documentation is available on the net at https://cygwin.com
You might especially be interested in

https://cygwin.com/faq/faq.html#faq.programming.building-cygwin