[ros-dev] [ros-diffs] [cfinck] 33571: Check if the GetWindowsDirectory call succeeded and use PathAppend to prevent a buffer overflow, when WinDir + "\regedit.exe" > MAX_PATH
FENG Yu Ning
fengyuning1984 at gmail.com
Mon May 19 07:45:45 CEST 2008
On Sun, May 18, 2008 at 7:28 PM, Alex Ionescu <ionucu at videotron.ca> wrote:
> Last nitpick: if you can't get the windows directory, just
> ShellExecute "regedit.exe" directly, as the code originally did --
> this is the behavior on Windows, fyi.
>
>
Though it is the behavior on Windows, it is a bad thing, IMHO. There are
already too many little viruses that pretend to be a system executable, say,
explorer.exe, and they are placed in a (sub)directory of the windows
directory to be shell executed. If we can't get the windows directory, we
should let the user know, and give them the chance to fix it, instead of
blindly executing anything.
I used to suffer from those, and they were really annoying. Please consider
being different from Windows in this and similar issues.
MHO.
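The behaviour argued for in this message, combined with the bounded path join named in the commit subject, as an added example that is not part of the original post or the ReactOS source. It is a portable C model: `resolve_regedit`, `bounded_append`, `PATH_CAP` and the status names are hypothetical, and `windir_len` stands in for the value a `GetWindowsDirectory` call would return.

```c
#include <stddef.h>
#include <string.h>

#define PATH_CAP 260 /* same value as MAX_PATH on Windows */

enum resolve_status { RESOLVE_OK, RESOLVE_NO_WINDIR, RESOLVE_TOO_LONG };

/* Join dir + '\' + leaf into out[cap] only if the result, including the
 * terminating NUL, fits. Stands in for the bounded join PathAppend does. */
static int bounded_append(char *out, size_t cap, const char *dir, const char *leaf)
{
    size_t dlen = strlen(dir), llen = strlen(leaf);
    size_t sep = (dlen > 0 && dir[dlen - 1] != '\\') ? 1 : 0;

    if (dlen + sep + llen + 1 > cap)
        return 0;               /* would overflow: write nothing */
    memcpy(out, dir, dlen);
    if (sep)
        out[dlen++] = '\\';
    memcpy(out + dlen, leaf, llen + 1);
    return 1;
}

/* windir_len models the GetWindowsDirectory return value: 0 on failure,
 * a value >= cap when the caller's buffer was too small. On any failure
 * out is left empty, so the caller has nothing to execute and must report
 * the error instead of handing a bare "regedit.exe" to the shell. */
enum resolve_status resolve_regedit(const char *windir, size_t windir_len,
                                    char *out, size_t cap)
{
    if (cap == 0)
        return RESOLVE_TOO_LONG;
    out[0] = '\0';
    if (windir == NULL || windir_len == 0 || windir_len >= cap)
        return RESOLVE_NO_WINDIR;
    if (!bounded_append(out, cap, windir, "regedit.exe"))
        return RESOLVE_TOO_LONG;
    return RESOLVE_OK;
}
```

Only a `RESOLVE_OK` result yields a path to launch; the other two statuses are the cases where the user is told what went wrong.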