[External] : Re: Shell files in `/bin` can be made executable

Kevin Rushforth kevin.rushforth at oracle.com
Wed Nov 24 14:14:42 UTC 2021

Yes, exactly. Any file created with an IDE or other Windows tool will 
have its execute bit set.

We have a few options for how to proceed:

1. Disallow the executable bit for all files (status quo)
2. Allow the executable bit only for certain files / directories (e.g., 
support an allow-list)
3. Allow the executable bit for all files except source files (i.e., 
similar to how the whitespace check works)
4. Allow the executable bit for all files

I like the status quo, but I don't have any standing in the jdk project 
to do more than offer my opinion (FWIW, the OpenJFX project will stick 
with option 1). I do think #4 would be a poor choice.

-- Kevin

On 11/24/2021 5:31 AM, Aleksei Ivanov wrote:
> On 24/11/2021 13:08, Magnus Ihse Bursie wrote:
>> On 2021-11-23 16:43, Kevin Rushforth wrote:
>>> 2. On Windows platforms it is very easy to have a file be 
>>> accidentally executable depending on how it is created, such that 
>>> (for example) new source code files end up having the execute bit set.
>> I wonder what tooling produces such files, but sure, let's say that 
>> this is something we want to protect ourselves against. I propose 
>> that we modify jcheck so it disallows executable files, not over the 
>> board, but in the src directory. (Or instead of having a block-list, 
>> have an allow-list of directories where executables are allowed, 
>> typically "./bin" and the root (for the configure script.)
> This happens for me all the time in Cygwin. When I create a new file 
> in the repo using Windows tools, like a new java source file in an 
> IDE, the file has execute bit set for everyone (user, group and 
> other). Basically, Cygwin sees all the files on the drive as having 
> execute permissions.
> If a file is created with Cygwin tools, it doesn't have executable 
> permissions.

More information about the jdk-dev mailing list