Mail Archives: cygwin/2020/02/26/05:55:37

Date: Wed, 26 Feb 2020 11:54:47 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: directory without search permission is searchable?
Message-ID: <20200226105447.GQ4045@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <06DDE076-BDA6-4877-BDD3-7F670CB38DB0 AT kba DOT biglobe DOT ne DOT jp> <a3f39b7e-2d34-a649-e5c1-7dd656b96af5 AT towo DOT net>
MIME-Version: 1.0
In-Reply-To: <a3f39b7e-2d34-a649-e5c1-7dd656b96af5@towo.net>

On Feb 26 08:42, Thomas Wolff wrote:
> Am 26.02.2020 um 06:29 schrieb Jun T:
> > It seems 'ls -l dir/file' or 'stat dir/file' succeeds even if
> > I don't have read/search permission for the 'dir'.
> >
> > Create a directory and a file in it:
> >
> > $ mkdir tmpdir
> > $ ls -ld tmpdir
> > drwxr-xr-x+ 1 takimoto none 0 Feb 26 12:46 tmpdir
> > $ touch tmpdir/afile
> > $ ls -l tmpdir/afile
> > -rw-r--r-- 1 takimoto 0 none Feb 26 12:46 tmpdir/afile
> >
> > Remove all permissions from tmpdir:
> >=20
> > $ chmod 0000 tmpdir
> > $ ls -ld tmpdir
> > d---------+ 1 takimoto none 0 Feb 26 12:46 tmpdir
> > $ getfacl tmpdir
> > # file: tmpdir
> > # owner: takimoto
> > # group: none
> > user::---
> > group::---
> > other::---
> > default:user::rwx
> > default:group::r-x
> > default:other::r-x
> >
> > This fails as expected:
> >
> > $ ls -l tmpdir
> > ls: cannot open directory 'tmpdir': Permission denied
> >
> > But the following succeed (should fail, I believe):
> >
> > $ ls -l tmpdir/afile
> > -rw-r--r-- 1 takimoto none 0 Feb 26 12:46 tmpdir/afile
> > $ stat tmpdir/afile
> >    File: tmpdir/afile
> >    Size: 0               Blocks: 0          IO Block: 65536  regular empty file
> > Device: d05d00abh/3495755947d   Inode: 14636698789089092  Links: 1
> > Access: (0644/-rw-r--r--)  Uid: (197609/takimoto)   Gid: (197121/  none)
> > Access: 2020-02-26 12:46:12.478966400 +0900
> > Modify: 2020-02-26 12:46:12.478966400 +0900
> > Change: 2020-02-26 12:46:12.464849300 +0900
> >   Birth: 2020-02-26 12:46:12.464849300 +0900
> >
> > Does this happen only for me?
> To confirm, I noticed this before.

This is Windows for you:

https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking

The default is to bypass traverse checking for *all* users.  If you
change this in the "Local Security Policy" for a user, bad things happen,
as described in the "Potential impact" section in the above document.

Way back when we had code in Cygwin which enabled traverse checking for
a while.  It always resulted in problems, so we reverted it.  I always
planned to reenable that in a lean way, that is, only at "open file on
NTFS" rather than the original "always on as soon as the process
starts", but I never got around to it.  In fact, it doesn't make much
sense to disallow Cygwin processes access to files, a native Windows
process can easily access, so I scratched the idea.


Corinna

-- 
Corinna Vinschen
Cygwin Maintainer
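
With traverse checking bypassed by default, as the reply above explains, a directory's missing search bit does not restrict access to the files below it, so each file's own permissions have to carry the restriction. The audit below is an added example, not part of the original message and not Cygwin code: it lists files that grant read to "other" while only a non-searchable parent directory would keep "other" out under POSIX rules. The function names and the sample tree are constructed for illustration, and it assumes it is run by a user who can list the tree and that the reported POSIX mode bits reflect the underlying ACLs.

```python
import os
import stat
import tempfile

def first_unsearchable(root, dirpath, search_bit):
    """Return the first directory from root down to dirpath lacking search_bit."""
    rel = os.path.relpath(dirpath, root)
    current = root
    for part in [""] + ([] if rel == os.curdir else rel.split(os.sep)):
        current = os.path.join(current, part) if part else current
        if not os.lstat(current).st_mode & search_bit:
            return current
    return None

def files_relying_on_parent_search(root, read_bit=stat.S_IROTH, search_bit=stat.S_IXOTH):
    """List (file, blocking_dir) pairs where the file's own mode grants read to
    the class but only a non-searchable ancestor keeps that class out."""
    root = os.path.abspath(root)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        blocker = first_unsearchable(root, dirpath, search_bit)
        if blocker is None:
            continue  # every ancestor is searchable; nothing relies on traversal
        for name in files:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISREG(mode) and mode & read_bit:
                findings.append((path, blocker))
    return sorted(findings)

def build_sample_tree(base):
    """Constructed sample: share/tmpdir (0700) holds afile (0644) and secret (0600)."""
    root = os.path.join(base, "share")
    for d, mode in ((root, 0o755), (os.path.join(root, "pub"), 0o755),
                    (os.path.join(root, "tmpdir"), 0o700)):
        os.mkdir(d)
        os.chmod(d, mode)
    for rel, mode in (("pub/readme", 0o644), ("tmpdir/afile", 0o644),
                      ("tmpdir/secret", 0o600)):
        path = os.path.join(root, *rel.split("/"))
        open(path, "w").close()
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for path, blocker in files_relying_on_parent_search(build_sample_tree(base)):
            print(f"{path}: readable by 'other'; only {blocker} blocks access")
```

Files it reports should get their own restrictive mode or ACL, since the directory permission alone is not enforced under the default policy.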
