I will leave the issue of whether GetWindowsDirectory should be used or not aside (even though I believe it's good to use it), but in all honesty I couldn't ignore Alex's comment. The suggestion of fallback feels to me like if you had an internet banking account and you said "oh, well, if HTTPS doesn't work, let's just use HTTP, the system is probably already f*cked up enough that security doesn't matter anymore". This is exactly the type of attitude that introduces security holes into programs... Why would I go a long way to write a complicated code to avoid executable redirection if there's code elsewhere that doesn't follow the rules? Remember, the chain is only as strong as it's weakest link.
F.
On Mon, May 19, 2008 at 10:11 AM, Alex Ionescu ionucu@videotron.ca wrote:
If GetWindowsDirectory fails, you have much worse issues to worry about than executable redirection.
Also note that regedt32.exe is usually in the system32 directory, so how is this a security/redirection issue exactly?
This implies someone would have to:
- Give you a malware regedit.exe in directory foo
- Give you the legitimate regedt32.exe in directory foo
- Somehow convince you to:
3.1) Use regedt32 instead of regedit (few people even know this tool) 3.2) Launch regedt32 from this "foo" directory instead of using start/run regedt32
The issue you're looking for just doesn't exist.
2008/5/19 FENG Yu Ning fengyuning1984@gmail.com:
On Sun, May 18, 2008 at 7:28 PM, Alex Ionescu ionucu@videotron.ca wrote:
Last nitpick: if you can't get the windows directory, just ShellExecute "regedit.exe" directly, as the code originally did -- this is the behavior on Windows, fyi.
Though it is the behavior on Windows, it is a bad thing, IMHO. There are already too many little viruses who pretend to be a system executable, say, explorer.exe, and they are placed in a (sub)directory of the windows directory to be shell executed. If we can't get the windows direcoty, we should let the user know, and give them the chance to fix it, instead of blindly execute anything. I used to suffer from those, and they were really annoying. Please consider being different from Windows in this and similar issues. MHO.
Ros-dev mailing list Ros-dev@reactos.org http://www.reactos.org/mailman/listinfo/ros-dev
-- Best regards, Alex Ionescu
-- Best regards, Alex Ionescu _______________________________________________ Ros-dev mailing list Ros-dev@reactos.org http://www.reactos.org/mailman/listinfo/ros-dev