Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Message-ID: <3E8E15A4.154B92FA@ieee.org> Date: Fri, 04 Apr 2003 18:30:44 -0500 From: "Pierre A. Humblet" X-Accept-Language: en,pdf MIME-Version: 1.0 To: cygwin AT cygwin DOT com Subject: Ash ntsec woes [was: Re: Postinstall failure: file not found] References: <3E8DA250 DOT E8687FCA AT ieee DOT org> <20030404151741 DOT GA249497 AT Worldnet> <20030404152605 DOT GA599585 AT Worldnet> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Here is how sh behaves when executing a script with strange permissions /> cat sayhi echo hi /> getfacl sayhi # file: sayhi # owner: AdministratorS # group: Users user::--- user:PHumblet:rwx group::--- mask:rwx other:--- /> sh -c sayhi <== OK hi /> sh -c /sayhi <== Does not realize file is executable /sayhi: not found /> setfacl -s u::---,g::---,o:--- sayhi /> sh -c sayhi <== Goes ahead even though file is unreadable /> echo $? 255 The reason why ash is inconsistent is that when it searches a command on PATH it does NOT check for executable or even readable files. There is code that used to do that on line 558 of exec.c, but it is "#ifdef notdef". On the other hand, absolute paths are checked with stat on lines 459 and 472 (partly in Cygwin specific code). So ash is always too permissive or too strict when looking up commands, although its builtin "test" is fine. The "just right" way in Cygwin is to use access(X_OK) on all 3 lines listed above. Pierre -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/