[Mono-list] Starting processes with parameters from Mono 0.31 and mono-0.31.99.20040331

Jonathan Gilbert 2a5gjx302@sneakemail.com
Wed, 07 Apr 2004 00:51:17


At 04:02 PM 06/04/2004 +0200, Gonzalo wrote:
>On Wed, 07-04-2004 at 00:15, Jonathan Gilbert wrote:
[snip]
>> For this command-line, ShellExecute searches for files whose name (w/o
>> extension) are each of the following, in this order:
>>
>> "c:\\Program" (.exe, .com, .bat, .cmd, ..)
>> "c:\\Program Files\\Fubar" (.exe, .com, .bat, .cmd, ..)
>> "c:\\Program Files\\Fubar Corp\\Example" (.exe, .com, .bat, .cmd, ..)
>> "c:\\Program Files\\Fubar Corp\\Example 1.exe" (.exe, .com, .bat, .cmd, ..)
>> "c:\\Program Files\\Fubar Corp\\Example 1.exe params" (.exe, .com, .bat,
>> .cmd, ..)
>>
>> Any one of those first 3 can be used to "hijack" the program, such that
>> badly-written code using ShellExecute will run the wrong binary! I believe
>> the MSDN documentation for ShellExecute warns about this issue.
>
>Isn't that what you get with 'cmd /c whatever'?

No. "cmd /c whatever" will only check the first word.

[x:\]cmd /c c:\Program Files\Windows Media Player\mplayer2.exe
'c:\Program' is not recognized as an internal or external command,
operable program or batch file.

[x:\]

Jonathan
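
Added example, not part of the original message or of Mono: a small audit helper that reproduces the candidate list from the quoted message for any command line, reports which candidates are tried before the intended executable, and returns the quoted form that removes the ambiguity. The function names and the rule "the first candidate ending in .exe/.com/.bat/.cmd is the intended program" are assumptions made for this illustration.

```python
# Added illustration: models the search order described in the thread.
EXTS = (".exe", ".com", ".bat", ".cmd")

def candidate_prefixes(command_line):
    """Return the names tried, in order, for a command line.

    Unquoted: every prefix that ends at a space, then the whole string.
    Quoted:   only the text between the first pair of double quotes.
    """
    s = command_line.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return [s[1:end] if end != -1 else s[1:]]
    out = [s[:i] for i, ch in enumerate(s) if ch == " " and s[i - 1] != " "]
    out.append(s)
    return out

def audit(command_line):
    """Report candidates searched before the intended program, plus a safe form."""
    s = command_line.strip()
    cands = candidate_prefixes(s)
    # Assumption: the intended program is the first candidate with a known extension.
    idx = next((i for i, c in enumerate(cands) if c.lower().endswith(EXTS)), None)
    if idx is None:
        return {"intended": None, "shadowing": cands[:-1], "quoted": None}
    intended = cands[idx]
    if s.startswith('"'):
        # Already quoted: nothing is searched ahead of the intended program.
        return {"intended": intended, "shadowing": [], "quoted": s}
    rest = s[len(intended):]  # arguments, including the leading space
    return {
        "intended": intended,
        "shadowing": cands[:idx],  # names that would be found first if present
        "quoted": '"%s"%s' % (intended, rest),
    }

if __name__ == "__main__":
    # Constructed input: the command line from the quoted message.
    report = audit(r"c:\Program Files\Fubar Corp\Example 1.exe params")
    for name in report["shadowing"]:
        print("searched before intended program:", name)
    print("intended:", report["intended"])
    print("use instead:", report["quoted"])
    # "cmd /c" as described in the reply looks only at the first word:
    print("cmd /c would try:", candidate_prefixes(r"c:\Program Files\x.exe")[0])
```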