[External] : Re: Shell files in `/bin` can be made executable
Magnus Ihse Bursie
magnus.ihse.bursie at oracle.com
Wed Nov 24 13:46:04 UTC 2021
On 2021-11-24 14:31, Aleksei Ivanov wrote:
> On 24/11/2021 13:08, Magnus Ihse Bursie wrote:
>> On 2021-11-23 16:43, Kevin Rushforth wrote:
>>
>>> 2. On Windows platforms it is very easy to have a file be
>>> accidentally executable depending on how it is created, such that
>>> (for example) new source code files end up having the execute bit set.
>>
>> I wonder what tooling produces such files, but sure, let's say that
>> this is something we want to protect ourselves against. I propose
>> that we modify jcheck so it disallows executable files, not over the
>> board, but in the src directory. (Or instead of having a block-list,
>> have an allow-list of directories where executables are allowed,
>> typically "./bin" and the root (for the configure script.)
>
> This happens for me all the time in Cygwin. When I create a new file
> in the repo using Windows tools, like a new java source file in an
> IDE, the file has execute bit set for everyone (user, group and
> other). Basically, Cygwin sees all the files on the drive as having
> execute permissions.
>
> If a file is created with Cygwin tools, it doesn't have executable
> permissions.
Have you tried setting CYGWIN=nontsec?
/Magnus
More information about the jdk-dev
mailing list