DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:references
	:mime-version:content-type:in-reply-to; q=dns; s=default; b=scM2
	dRwPkqQIOHlKIga1hWz208J1NElRnI0Hpe4A+ZMUg2EZ1WVvwzczcTeooXyMNczD
	4TO2m1HQERcEHCulrLV+nB2lRvbnz7+TbiAVJRRWyYEiqUWj3T8NAFL/SSaOwpL0
	BpWnnaN5y0yx4Vu/LzJMOfuES/qRi3iISZzJ0jY=
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Date: Mon, 6 Jan 2020 17:01:30 +0000
From: Ubuntu <ubuntu@wolf.rettoggalt.com>
To: cygwin@cygwin.com, Brian Inglis <Brian.Inglis@SystematicSw.ab.ca>
Subject: Re: bash /cmd disagree about owner and permissions to executable
Message-ID: <20200106170119.GA5590@wolf.rettoggalt.com>
References: <be51ce26-fc60-3b6a-02f1-9470431dbd8f@SystematicSw.ab.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <be51ce26-fc60-3b6a-02f1-9470431dbd8f@SystematicSw.ab.ca>
User-Agent: Mutt/1.9.4 (2018-02-28)

To recap, after removing excessive terminal output documentation in earlier mails:

> I installed python3.8 from the "Microsoft Store".
> Then I could run "python3 myscript.py" in a 'cmd' terminal but not in a mintty/bash terminal.
> The bash terminal gave "permission denied".
> 
> Investigating, I found that the PATH variable pointed to a python3.exe in the directory
> C:\Users\Heidi\AppData\Local\Microsoft\WindowsApps.
> 
> Using /bin/ls or using "cmd /c dir /q" would display different owners:
>
> > ls:  -rwxr-x--- 1 Unknown+User Unknown+Group 0 des 26 19:25     python3.exe
> > cmd: 26.12.2019  19.25                 0 PANTER\Heidi           python3.exe
>
> Noting the byte count of zero, I found the file is a reparse point of some "unknown Microsoft" type pointing to
>
> > C:\Program Files\WindowsApps\<very long folder name>\python3.8.exe
>
> (The reparse point type was "unknown" as per Mark Russnivitch's fsutil.exe of 2005.)
> 
> The permissions on "Program Files\WindowsApps" are quite restricted indeed.


On Mon, Dec 30, 2019 at 01:35:53PM -0700, Brian Inglis wrote:
> https://stackoverflow.com/questions/58296925/what-is-zero-byte-executable-files-in-windows#comment102978067_58296925
> 
> "This is a special type of app-execution reparse point that's used to set up the
> security context for running a UWP app. CreateProcessW reparses this internally
> in order to allow individual users to run a particular app."

Very interesting indeed.

But one important question remains: Why do we get "Permission Denied" when 
running from bash, not when running from cmd?

Some derived questions:

Doesn't bash call CreateProcessW?

Should it?

If "CreateProcessW reparses this internally in order to allow individual
users to run a particular app", how does CreateProcessW do that?

What does it base its decisions on?

Has Microsoft implemented a new, competing security system?

Where does the new security system store the permissions?

Are we going to see more and more Windows program becoming
unavailable to Cygwin?

Does cygwin need to reverse engineer this new security system?

Besides I notice that I can do "cygstart myscript.py", and the program runs.
However, it runs in a cmd window that disappears immediately upon termination.


Regards, 
Enrique Perez-Terron

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple