[External] : Re: Shell files in `/bin` can be made executable
Aleksei Ivanov
alexey.ivanov at oracle.com
Wed Nov 24 14:19:59 UTC 2021
On 24/11/2021 13:46, Magnus Ihse Bursie wrote:
> On 2021-11-24 14:31, Aleksei Ivanov wrote:
>> On 24/11/2021 13:08, Magnus Ihse Bursie wrote:
>>> On 2021-11-23 16:43, Kevin Rushforth wrote:
>>>
>>>> 2. On Windows platforms it is very easy to have a file be
>>>> accidentally executable depending on how it is created, such that
>>>> (for example) new source code files end up having the execute bit set.
>>>
>>> I wonder what tooling produces such files, but sure, let's say that
>>> this is something we want to protect ourselves against. I propose
>>> that we modify jcheck so it disallows executable files, not over the
>>> board, but in the src directory. (Or instead of having a block-list,
>>> have an allow-list of directories where executables are allowed,
>>> typically "./bin" and the root (for the configure script.)
>>
>> This happens for me all the time in Cygwin. When I create a new file
>> in the repo using Windows tools, like a new java source file in an
>> IDE, the file has execute bit set for everyone (user, group and
>> other). Basically, Cygwin sees all the files on the drive as having
>> execute permissions.
>>
>> If a file is created with Cygwin tools, it doesn't have executable
>> permissions.
> Have you tried setting CYGWIN=nontsec?
No, I haven't. I haven't known about this option, I've experienced no
issues with its default behaviour so far.
I use Mercurial from Cygwin and made ./configure script executable; I
use Git for Windows rather than Cygwin one, and therefore ./configure
script is also executable for me.
On the other hand, when I made ./configure executable on Linux, Git
reports it as change.
--
Alexey
More information about the jdk-dev
mailing list