[External] : Re: Shell files in `/bin` can be made executable

Aleksei Ivanov alexey.ivanov at oracle.com
Wed Nov 24 14:19:59 UTC 2021

On 24/11/2021 13:46, Magnus Ihse Bursie wrote:
> On 2021-11-24 14:31, Aleksei Ivanov wrote:
>> On 24/11/2021 13:08, Magnus Ihse Bursie wrote:
>>> On 2021-11-23 16:43, Kevin Rushforth wrote:
>>>> 2. On Windows platforms it is very easy to have a file be 
>>>> accidentally executable depending on how it is created, such that 
>>>> (for example) new source code files end up having the execute bit set.
>>> I wonder what tooling produces such files, but sure, let's say that 
>>> this is something we want to protect ourselves against. I propose 
>>> that we modify jcheck so it disallows executable files, not over the 
>>> board, but in the src directory. (Or instead of having a block-list, 
>>> have an allow-list of directories where executables are allowed, 
>>> typically "./bin" and the root (for the configure script.)
>> This happens for me all the time in Cygwin. When I create a new file 
>> in the repo using Windows tools, like a new java source file in an 
>> IDE, the file has execute bit set for everyone (user, group and 
>> other). Basically, Cygwin sees all the files on the drive as having 
>> execute permissions.
>> If a file is created with Cygwin tools, it doesn't have executable 
>> permissions.
> Have you tried setting CYGWIN=nontsec?

No, I haven't. I haven't known about this option, I've experienced no 
issues with its default behaviour so far.

I use Mercurial from Cygwin and made ./configure script executable; I 
use Git for Windows rather than Cygwin one, and therefore ./configure 
script is also executable for me.

On the other hand, when I made ./configure executable on Linux, Git 
reports it as change.


More information about the jdk-dev mailing list