Date: Mon, 29 Aug 2005 16:57:46 -0700
From: Yitzchak Scott-Thoennes
To: cygwin AT cygwin DOT com
Subject: Re: perlcc and permissions

On Sun, Aug 28, 2005 at 10:08:34PM +0200, Krzysztof Duleba wrote:
> Baksik, Frederick (NM75) wrote:
>
> > The command /usr/bin/perlcc is actually a perl script that performs the -r
> > check to test if it can open the file.
>
> Thanks for explanation. I assumed that perlcc is a binary file. IIRC this
> is a known issue with perl scripts.
>
> > So when perl does the -r check, it is correct based on the POSIX
> > permissions because your UID is not the same as the Administrators
> > UID you should not be able to open the file. But when any program
> > actually attempts to open the file windows ( or is it cygwin )
> > will let it be opened.
>
> Strange that bash works in a different manner:
>
> $ [ -r foo.pl ] && echo ok
> ok
>
> $ perl -e '-r "foo.pl" and print "ok" or print "failed"'
> failed

By default, perl's filetests don't check ACLs. You can make them do so
with:

    use filetest "access";

It's interesting that perlcc bothers with the -r check given the following
in "perldoc filetest":

    NOTE: using the file tests for security purposes is a lost cause from
    the start: there is a window open for race conditions (who is to say
    that the permissions will not change between the test and the real
    operation?). Therefore if you are serious about security, just try
    the real operation and test for its success - think in terms of
    atomic operations. :)
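
Added example, not part of the original message and not perlcc's code: a stand-alone Perl script that compares the default -r test with -r under `use filetest "access"`, then shows a passed test going stale before the open. The temporary file, the helper name `read_first_line` and the use of `unlink` as a deterministic stand-in for a permission change are assumptions made for the illustration.

```perl
#!/usr/bin/perl
# Added example: check-then-open versus open-and-test.
use strict;
use warnings;
use File::Temp qw(tempfile);

# Constructed sample file so the script runs stand-alone.
my ($tmp, $path) = tempfile('filetest_demo_XXXXXX', TMPDIR => 1, UNLINK => 0);
print {$tmp} "sample line\n";
close $tmp or die "close $path: $!";

# Default -r looks only at the mode bits and the process uid/gid.
my $by_mode = (-r $path) ? 'readable' : 'not readable';

# Under the pragma, -r asks the OS through access(2), so ACLs are honoured.
my $by_access;
{
    use filetest 'access';    # lexically scoped to this block only
    $by_access = (-r $path) ? 'readable' : 'not readable';
}
print "-r by mode bits:         $by_mode\n";
print "-r with filetest access: $by_access\n";

# Hypothetical helper: do the real operation and report its error,
# so there is no separate test whose answer can go stale.
sub read_first_line {
    my ($file) = @_;
    open(my $fh, '<', $file) or return (undef, "cannot open $file: $!");
    my $line = <$fh>;
    close $fh;
    return ($line, undef);
}

# Simulate the window between test and use: the test passes, then the file
# changes (removed here as a deterministic stand-in for a permission change).
my $checked_ok = -r $path;
unlink $path or die "unlink $path: $!";

my ($line, $err) = read_first_line($path);
print "earlier -r test said: ", ($checked_ok ? 'ok' : 'failed'), "\n";
print "real open said:       ", (defined $err ? $err : 'ok'), "\n";
```

Even with the pragma enabled, the -r result is only a snapshot; the value returned by `open` is the one that reflects what the system allowed at the moment of use.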