Mailing-List: contact cygwin-developers-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-developers-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin-developers/>
List-Post: <mailto:cygwin-developers AT cygwin DOT com>
List-Help: <mailto:cygwin-developers-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-developers-owner AT cygwin DOT com
Delivered-To: mailing list cygwin-developers AT cygwin DOT com
Message-Id: <3.0.5.32.20021022220428.0082e750@h00207811519c.ne.client2.attbi.com>
X-Sender: pierre AT h00207811519c DOT ne DOT client2 DOT attbi DOT com
Date: Tue, 22 Oct 2002 22:04:28 -0400
To: cygwin-developers AT cygwin DOT com
From: "Pierre A. Humblet" <Pierre DOT Humblet AT ieee DOT org>
Subject: Re: Shell scripts [was Re: Avoiding /etc/passwd and /etc/group
  scans]
In-Reply-To: <20021023012619.GB24001@redhat.com>
References: <3 DOT 0 DOT 5 DOT 32 DOT 20021022210518 DOT 008282a0 AT mail DOT attbi DOT com>
 <20021022181947 DOT GA4729 AT redhat DOT com>
 <3DB5A076 DOT ABAFF076 AT ieee DOT org>
 <20021022191217 DOT GD4828 AT redhat DOT com>
 <3DB5AB53 DOT B434ED90 AT ieee DOT org>
 <20021022202004 DOT GA6995 AT redhat DOT com>
 <20021022203300 DOT GC6429 AT redhat DOT com>
 <3DB5BC04 DOT CD6587CB AT ieee DOT org>
 <20021022212028 DOT GG6429 AT redhat DOT com>
 <3DB5C3C4 DOT F57CE7B0 AT ieee DOT org>
 <3 DOT 0 DOT 5 DOT 32 DOT 20021022210518 DOT 008282a0 AT mail DOT attbi DOT com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"

At 09:26 PM 10/22/2002 -0400, Christopher Faylor wrote:
>>All your changes in fhandler_disk_file.cc are in the branch with
>>get_file_attribute () != 0, Thus they do not apply to successful calls
>>with ntsec.
>
>No, they're not.

Oops. Now that I look at the source and not the web diff it's obvious.

>We've made ntsec the default but there are possibly a number of people
>out there who have never done a 'chmod a+x foo' on their shell scripts.
>Until we have a consistent story on how to solve their problems, I think
>it makes sense to make '#!' always executable.

OK, it hits me hard. I have thought too much about the sids mapping issue.

>I'm willing to be swayed on this but, so far, it doesn't seem like anyone
>is effectively communicating with anyone else here.  We need to get on
>the same page wrt the problems and how we are going to solve them.

That's a tough one. 

I see 3 possible ways:
1) Your current way. Magic => executable. 
   Convenient but chmod is broken and big break with Unix.
2) use another CYGWIN= variable, to make that feature optional.
3) use nontsec if you are not willing to 'chmod a+x foo'

I think I would vote for 3.

I would also distribute a script or a program to chmod all scripts
in a tree. Under user control, not from setup. 

Also, you have
     buf->st_mode |= STD_XBITS; 
so there will be x bits even when it isn't readable. 
That can be improved easily, for 1 or 2 or the script.


Pierre