[External] : Re: Shell files in `/bin` can be made executable
Kevin Rushforth
kevin.rushforth at oracle.com
Wed Nov 24 14:14:42 UTC 2021
Yes, exactly. Any file created with an IDE or other Windows tool will
have its execute bit set.
We have a few options for how to proceed:
1. Disallow the executable bit for all files (status quo)
2. Allow the executable bit only for certain files / directories (e.g.,
support an allow-list)
3. Allow the executable bit for all files except source files (i.e.,
similar to how the whitespace check works)
4. Allow the executable bit for all files
I like the status quo, but I don't have any standing in the jdk project
to do more than offer my opinion (FWIW, the OpenJFX project will stick
with option 1). I do think #4 would be a poor choice.
-- Kevin
On 11/24/2021 5:31 AM, Aleksei Ivanov wrote:
> On 24/11/2021 13:08, Magnus Ihse Bursie wrote:
>> On 2021-11-23 16:43, Kevin Rushforth wrote:
>>
>>> 2. On Windows platforms it is very easy to have a file be
>>> accidentally executable depending on how it is created, such that
>>> (for example) new source code files end up having the execute bit set.
>>
>> I wonder what tooling produces such files, but sure, let's say that
>> this is something we want to protect ourselves against. I propose
>> that we modify jcheck so it disallows executable files, not over the
>> board, but in the src directory. (Or instead of having a block-list,
>> have an allow-list of directories where executables are allowed,
>> typically "./bin" and the root (for the configure script.)
>
> This happens for me all the time in Cygwin. When I create a new file
> in the repo using Windows tools, like a new java source file in an
> IDE, the file has execute bit set for everyone (user, group and
> other). Basically, Cygwin sees all the files on the drive as having
> execute permissions.
>
> If a file is created with Cygwin tools, it doesn't have executable
> permissions.
>
More information about the jdk-dev
mailing list