Mailing-List: contact cygwin-developers-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-developers-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin-developers/>
List-Post: <mailto:cygwin-developers AT cygwin DOT com>
List-Help: <mailto:cygwin-developers-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-developers-owner AT cygwin DOT com
Delivered-To: mailing list cygwin-developers AT cygwin DOT com
Date: Tue, 22 Oct 2002 21:26:19 -0400
From: Christopher Faylor <cgf AT redhat DOT com>
To: cygwin-developers AT cygwin DOT com
Subject: Re: Shell scripts [was Re: Avoiding /etc/passwd and /etc/group scans]
Message-ID: <20021023012619.GB24001@redhat.com>
Reply-To: cygwin-developers AT cygwin DOT com
Mail-Followup-To: cygwin-developers AT cygwin DOT com
References: <20021022181947 DOT GA4729 AT redhat DOT com> <3DB5A076 DOT ABAFF076 AT ieee DOT org> <20021022191217 DOT GD4828 AT redhat DOT com> <3DB5AB53 DOT B434ED90 AT ieee DOT org> <20021022202004 DOT GA6995 AT redhat DOT com> <20021022203300 DOT GC6429 AT redhat DOT com> <3DB5BC04 DOT CD6587CB AT ieee DOT org> <20021022212028 DOT GG6429 AT redhat DOT com> <3DB5C3C4 DOT F57CE7B0 AT ieee DOT org> <3 DOT 0 DOT 5 DOT 32 DOT 20021022210518 DOT 008282a0 AT mail DOT attbi DOT com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3.0.5.32.20021022210518.008282a0@mail.attbi.com>
User-Agent: Mutt/1.5.1i

On Tue, Oct 22, 2002 at 09:05:18PM -0400, Pierre A. Humblet wrote:
>At 05:33 PM 10/22/2002 -0400, Christopher Faylor wrote:
>>>About the shell scripts, I will look at your patch tonight.
>
>All your changes in fhandler_disk_file.cc are in the branch with
>get_file_attribute () != 0, Thus they do not apply to successful calls
>with ntsec.

No, they're not.

I moved the '#!' check outside of the get_file_attribute test entirely.
I had originally moved the .exe check outside of the block but that didn't
make any sense, in hindsight, since it just forced cygwin to report .exe
files as executable when windows couldn't actually execute them.

This is not the problem for '#!' scripts, however.  Cygwin can execute
them regardless of whether ntsec or Windows thinks they're executable
or not.

>>>Why do you want to be different from regular Unix and report x
>>>just because the file starts with #! ?
>>>Why not force the user to chmod +x the scripts, for them to be
>>>executable?
>>
>>I am just trying to minimize the impact on users.  For purity sake,
>>I'd rather leave things as they were, actually.
>>
>OK, it would be very disturbing to change the behavior of scripts
>and suddenly force them to have an ACL allowing execution in order
>to execute them. 
>But what needs to be changed in the mode display? 

It's not just "mode display".  It affects whether a script will be
executed or not.

>Actually I would also rather leave things as they were!
>
>At first I was afraid you would always show x for scripts, even when 
>ntsec is on. IMHO this would be a bad idea. For example chmod would start
>behaving unexpectedly.

That is exactly what the change does.  This isn't just for display.

We've made ntsec the default but there are possibly a number of people
out there who have never done a 'chmod a+x foo' on their shell scripts.
Until we have a consistent story on how to solve their problems, I think
it makes sense to make '#!' always executable.

I'm willing to be swayed on this but, so far, it doesn't seem like anyone
is effectively communicating with anyone else here.  We need to get on
the same page wrt the problems and how we are going to solve them.

cgf