[External] : Re: Shell files in `/bin` can be made executable

Magnus Ihse Bursie magnus.ihse.bursie at oracle.com
Wed Nov 24 13:46:04 UTC 2021

On 2021-11-24 14:31, Aleksei Ivanov wrote:
> On 24/11/2021 13:08, Magnus Ihse Bursie wrote:
>> On 2021-11-23 16:43, Kevin Rushforth wrote:
>>> 2. On Windows platforms it is very easy to have a file be 
>>> accidentally executable depending on how it is created, such that 
>>> (for example) new source code files end up having the execute bit set.
>> I wonder what tooling produces such files, but sure, let's say that 
>> this is something we want to protect ourselves against. I propose 
>> that we modify jcheck so it disallows executable files, not over the 
>> board, but in the src directory. (Or instead of having a block-list, 
>> have an allow-list of directories where executables are allowed, 
>> typically "./bin" and the root (for the configure script.)
> This happens for me all the time in Cygwin. When I create a new file 
> in the repo using Windows tools, like a new java source file in an 
> IDE, the file has execute bit set for everyone (user, group and 
> other). Basically, Cygwin sees all the files on the drive as having 
> execute permissions.
> If a file is created with Cygwin tools, it doesn't have executable 
> permissions.
Have you tried setting CYGWIN=nontsec?


More information about the jdk-dev mailing list