X-Recipient: archive-cygwin@delorie.com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:reply-to:to:subject:date:message-id
	:content-type:content-transfer-encoding:mime-version; q=dns; s=
	default; b=UmlXZx1qLrcgNdZuiGhmJhWbrMiToXjp/4/P8YWoHwrgpmE65f3z3
	Il2G0XNas21IC995iKzC/BhVb4DSlrQi85LYeaL0cvJ36/CuFS5bCdoCShLBNL75
	esiCjlkpyAqF39dnKh6V7TT7SdpnEP9W2bd8yHxWYrWx82g/fkroEo=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:reply-to:to:subject:date:message-id
	:content-type:content-transfer-encoding:mime-version; s=default;
	 bh=myXPDO90ldsevigcqabEMTiExJk=; b=XbqDekI09lIrIM2PQ3DwbDFFRSH2
	BBptBiSv7KFJDscKbECGmzPa3xW3U9arN7h2FOP5+LCBoDkC+ZDA1NQDl6+jodEJ
	kzLhUWMpUJ5IjoEddD82kgwIr8s5iHfNiZJ7GvDoBWv156o+E8uilV4YE3dxW8u5
	x2gZQoIzQsKkmBk=
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-1.9 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE,SPF_HELO_PASS autolearn=ham version=3.3.1 spammy=H*F:D*gov, H*MI:prod
X-HELO: nihcesxwayst06.hub.nih.gov
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;  d=nih.gov; i=@nih.gov; q=dns/txt; s=NIH; t=1565029134;  x=1596565134;  h=from:to:subject:date:message-id:   content-transfer-encoding:mime-version;  bh=YQbz/I6LMTZluGWgZLPMlYMEFeuBfGWkvLy9yRKlWug=;  b=FF4S+ZvuK1sxz8Jc+aGytGPLDDd2Td5K6PQIG9NNNMQkhyYIrVHnUz35   6XZYZYhb5LHyM2fMprrh9TdHiTt3+saycGW9s8YZ8up3BJ6YQPueoaaEL   RcbSE/OWnezr0aiA7I60cmd8mQWRkqVMSgFGdl54WtF/CdTwAurhEFQxM   ueGdgi7+40/jaGkg5T+GfgWCAWbbw8u1DUmpe3ahTrmL4SGsBmhKUB3mR   iF5TPDpPa9SLPl+M24KgJeZ4I/L82XMMlRPWMODe5l4EVZPbTRWBSxbtW   GXoZEh/hZzrcTYQDYeW4KryRl+P0s6H8pMPpZOPYd6IcywLAwrnV8aKI4   w==;
IronPort-SDR: BHjT0iPWYNgv4NsUTXTdbUQgAC3yTlStRhS5Ih4Cmr/nmh83L1caXUUsPsOV5K/DxCRAyp8T41 LMJQUU+4ooDQ==
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=O8Jqm3S+Sdey2Mh2PmndnMRuBXFDzYMqcEU8typkv2JTGpA92q8plHk2mt3xnDZSq5myVckxSkL8ve3ixHaJXcWdCCWL+LhnFBaMEMrWjKdTQGF6vBI0NdeG92O72BNfs9BR0vsZ0EkU/ssYDi2h0R+VVg4LbKsfBMAqiOZZkDBUAkeBFJDTvjIf8CEX9z8gqvboSmIW8RXoTThYfFxztZLKLmZoysmZjgQQzVxsAKqdqntHppw4chUPAHEoCcPUAjt0PmEcn9vodegxN4elDNYqf8Fed14sBxf01TRO0YgODZ5BTReqz/4rtnxzk2AsYLeKlVPWi2LTlcD18cdLNg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=YQbz/I6LMTZluGWgZLPMlYMEFeuBfGWkvLy9yRKlWug=; b=bGtZOKvZwAnsXb10vXVhqZaMggSt3pPbL6xIRGi5ghA0WJoWnO/uSv7tGnhItt1V93BzoqQacWFBCnHggva+QBI8dt6/AnESpICqe3ua/oRISs3D1TLDOakuBi7wqvg5R7E17970/cmUV/L3qD8emaL9ybZ8oi9A08ikX9af2LczUTo4aOlnIivGIC5oD0PcJW8w15R9nfTmIoLlKVw5Pb5zdNw07pbNM3PB8xmcoTDdfMipWYBwPOc22HPKdxSmKTk2jYsgT+tK7fv/BTrRFnRNfgsWT8proKXutSYQ9oixYrK4E3E2HvKEYFop8HhBLAP1W2l3wGO2URVqOKbDNw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=ncbi.nlm.nih.gov;dmarc=pass action=none header.from=ncbi.nlm.nih.gov;dkim=pass header.d=ncbi.nlm.nih.gov;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nih.onmicrosoft.com; s=selector1-nih-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=YQbz/I6LMTZluGWgZLPMlYMEFeuBfGWkvLy9yRKlWug=; b=EafgerdsFSd1Yu5F/5hTbQlfZmIdqf5ikHzfeEmKlYBVhkeV5lWe53eOZ8LDhLhx2FasH2OnshX/2Sm/ISLoizmJdYGEC5nlL6WnTYekxwgwhACARtK2yuHc37Fj1E0/hLpsgkDiKRCDv3cmFUjL89ofqRD10X3KPnBLW6yqoQQ=
From: "Lavrentiev, Anton (NIH/NLM/NCBI) [C] via cygwin" <cygwin@cygwin.com>
Reply-To: "Lavrentiev, Anton (NIH/NLM/NCBI) [C]" <lavr@ncbi.nlm.nih.gov>
To: "'cygwin@cygwin.com'" <cygwin@cygwin.com>
Subject: Empty file without "x" permission is successfully executable on Cygwin
Date: Mon, 5 Aug 2019 18:18:52 +0000
Message-ID: <BL0PR0901MB43081893EE588BDED05886BFA5DA0@BL0PR0901MB4308.namprd09.prod.outlook.com>
authentication-results: spf=none (sender IP is ) smtp.mailfrom=lavr@ncbi.nlm.nih.gov;
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: lavr@nih.gov
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id x75IJWvM012597

Hi,

Please consider the following shell session:

$ cat dummy.c
#include <stdio.h>

int main()
{
    return 0;
}
$ gcc -o dummy dummy.c
$ mv dummy.exe dummy
$ ./dummy
$ echo $?
0
$ chmod a-x dummy
$ ./dummy
-bash: ./dummy: Permission denied
$ rm dummy
$ touch dummy
$ ./dummy
$ echo $?
0

So Cygwin lets the shell to execute a zero-sized file regardless of the "x" perm
(non-empty files are not executable if they do not have "x", as shown above).

Is that expected?  On Unix, an empty file can only be executed (exit code 0) if there's the "x" permission granted.

There's more.  If I put some rubbish in a file, Cygwin still tries to execute it even if the "x" is not there:

$ rm dummy
$ echo "1" > dummy
$ ./dummy
./dummy: line 1: 1: command not found

So Cygwin knows about "dummy" being a PE32 executable missing the "x" (top of my session), and properly denies the execution
when there's no "x", but still lets all other file contents execute blindly (regardless of "x").  That's very dangerous!

Thanks,
Anton Lavrentiev


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple