[BUG 1.7] Read-only files are not.

[BUG 1.7] Read-only files are not.

[David Rothenberger]

It seems that read-only files in Cygwin 1.7 are not truly
read-only. The sequence of steps below shows that "chmod 444 file1"
does not make the file read-only in Cygwin 1.7, while it does in
Cygwin 1.5. It may have something to do with the Read Only DOS
attribute. This is set by Cygwin 1.5 but not by Cygwin 1.7. If I
manually set it for Cygwin 1.7, the file does become read-only.

(This issue was brought to my attention by a failing subversion test
after building for 1.7.)

----------------------------------------------------------------------
[1.7] % mkdir /tmp/ro-test
[1.7] % cd /tmp/ro-test
[1.7] % ls -ld
drwxr-xr-x+ 1 drothe None 0 Dec 31 15:18 .
[1.7] % touch file1
[1.7] % ls -l
total 0
-rw-r--r-- 1 drothe None 0 Dec 31 15:18 file1
[1.7] % chmod 444 file1
[1.7] % ls -l
total 0
-r--r--r-- 1 drothe None 0 Dec 31 15:18 file1
[1.7] % test -w file1 && echo yes
yes
[1.7] % echo foo > file1
[1.7] % cat file1
foo
[1.7] % attrib file1
A          C:\cygwin-1.7\tmp\ro-test\file1
[1.7] % attrib +r file1
[1.7] % test -w file1 && echo yes
[1.7] % echo bar > file1
bash: file1: Permission denied
[1.7] % cat file1
foo
----------------------------------------------------------------------

Here is the same sequence of steps using Cygwin 1.5.

----------------------------------------------------------------------
[1.5] % mkdir /tmp/ro-test
[1.5] % cd /tmp/ro-test
[1.5] % ls -ld
drwxr-xr-x+ 2 drothe None 0 Dec 31 15:21 .
[1.5] % touch file1
[1.5] % ls -l
total 0
-rw-r--r-- 1 drothe None 0 Dec 31 15:21 file1
[1.5] % chmod 444 file1
[1.5] % ls -l
total 0
-r--r--r-- 1 drothe None 0 Dec 31 15:21 file1
[1.5] % test -w file1 && echo yes
[1.5] % echo foo > file1
bash: file1: Permission denied
[1.5] % cat file1
[1.5] % attrib file1
A    R     C:\cygwin\tmp\ro-test\file1
[1.5] % attrib -r file1
[1.5] % attrib file1
A          C:\cygwin\tmp\ro-test\file1
[1.5] % ls -l
total 0
-r--r--r-- 1 drothe None 0 Dec 31 15:21 file1
[1.5] % test -w file1 && echo yes
yes
[1.5] % echo foo > file1
bash: file1: Permission denied
[1.5] % cat file1

----------------------------------------------------------------------

-- 
David Rothenberger  ----  daveroth@acm.org

toilet toup'\bee, n.:
        Any shag carpet that causes the lid to become top-heavy, thus
        creating endless annoyance to male users.
                -- Rich Hall, "Sniglets"


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: [BUG 1.7] Read-only files are not.

[Christopher Faylor]

On Wed, Dec 31, 2008 at 03:31:43PM -0800, David Rothenberger wrote:
>It seems that read-only files in Cygwin 1.7 are not truly
>read-only. The sequence of steps below shows that "chmod 444 file1"
>does not make the file read-only in Cygwin 1.7, while it does in
>Cygwin 1.5. It may have something to do with the Read Only DOS
>attribute. This is set by Cygwin 1.5 but not by Cygwin 1.7. If I
>manually set it for Cygwin 1.7, the file does become read-only.
>
>(This issue was brought to my attention by a failing subversion test
>after building for 1.7.)

Hmm.  I can duplicate this but this is all Corinna's code so it might
take a while to track down.

It's a pretty serious bug though.  Would you be willing to see if this
is a recent 1.7 problem by trying some older DLLs?

cgf

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: [BUG 1.7] Read-only files are not.

[Eric Blake]

David Rothenberger <daveroth <at> acm.org> writes:

> 
> It seems that read-only files in Cygwin 1.7 are not truly
> read-only. The sequence of steps below shows that "chmod 444 file1"
> does not make the file read-only in Cygwin 1.7, while it does in
> Cygwin 1.5. It may have something to do with the Read Only DOS
> attribute. This is set by Cygwin 1.5 but not by Cygwin 1.7. If I
> manually set it for Cygwin 1.7, the file does become read-only.

Are you perchance running as an Administrator, and therefore you have backup 
privileges?  If so, then you have root-like power, and cygwin exposes that by 
opening files with intent to backup even when the ACLs would otherwise make the 
file unreadable.  Therefore, even though none of S_IRUSR, S_IRGRP, S_IROTH are 
set in the posixy st_mode bits, access(file, R_OK) returns 0 and open() is able 
to exploit your root-like powers to read that file.

I thought Corinna mentioned this in the release notes.

> 
> (This issue was brought to my attention by a failing subversion test
> after building for 1.7.)

The findutils testsuite also had to make accomodations to skip certain tests 
when run with root-like privileges.

-- 
Eric Blake




--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: [BUG 1.7] Read-only files are not.

[David Rothenberger]

On 12/31/2008 4:06 PM, Eric Blake wrote:
> David Rothenberger <daveroth <at> acm.org> writes:
> 
>> It seems that read-only files in Cygwin 1.7 are not truly
>> read-only.
> 
> Are you perchance running as an Administrator, and therefore you have backup 
> privileges?

Yes.

> If so, then you have root-like power, and cygwin exposes that by 
> opening files with intent to backup even when the ACLs would otherwise make the 
> file unreadable.  Therefore, even though none of S_IRUSR, S_IRGRP, S_IROTH are 
> set in the posixy st_mode bits, access(file, R_OK) returns 0 and open() is able 
> to exploit your root-like powers to read that file.
> 
> I thought Corinna mentioned this in the release notes.

I didn't see anything mentioned in this message: 
http://cygwin.com/ml/cygwin-announce/2008-12/msg00009.html

>> (This issue was brought to my attention by a failing subversion test
>> after building for 1.7.)
> 
> The findutils testsuite also had to make accomodations to skip certain tests 
> when run with root-like privileges.

If this is indeed intended behavior, I will adjust the subversion test 
cases accordingly.


-- 
David Rothenberger  ----  daveroth@acm.org

pain, n.:
         One thing, at least it proves that you're alive!


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: [BUG 1.7] Read-only files are not.

[David Rothenberger]

On 12/31/2008 3:58 PM, Christopher Faylor wrote:
> On Wed, Dec 31, 2008 at 03:31:43PM -0800, David Rothenberger wrote:
>> It seems that read-only files in Cygwin 1.7 are not truly
>> read-only. The sequence of steps below shows that "chmod 444 file1"
>> does not make the file read-only in Cygwin 1.7, while it does in
>> Cygwin 1.5. It may have something to do with the Read Only DOS
>> attribute. This is set by Cygwin 1.5 but not by Cygwin 1.7. If I
>> manually set it for Cygwin 1.7, the file does become read-only.
>>
>> (This issue was brought to my attention by a failing subversion test
>> after building for 1.7.)
> 
> Hmm.  I can duplicate this but this is all Corinna's code so it might
> take a while to track down.
> 
> It's a pretty serious bug though.  Would you be willing to see if this
> is a recent 1.7 problem by trying some older DLLs?

Apparently it is an old problem (if indeed it is a problem and not 
intentional as Eric suggests). The 2008-08-01 does not have the 
"problem" while 2008-08-17 does. 08-01 sets the read-only DOS attribute 
while 08-17 does not.

-- 
David Rothenberger  ----  daveroth@acm.org

"Jesus saves...but Gretzky gets the rebound!"
                 -- Daniel Hinojosa (hinojosa@hp-sdd)


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: [BUG 1.7] Read-only files are not.

[Christopher Faylor]

On Thu, Jan 01, 2009 at 12:06:40AM +0000, Eric Blake wrote:
>David Rothenberger <daveroth <at> acm.org> writes:
>>It seems that read-only files in Cygwin 1.7 are not truly read-only.
>>The sequence of steps below shows that "chmod 444 file1" does not make
>>the file read-only in Cygwin 1.7, while it does in Cygwin 1.5.  It may
>>have something to do with the Read Only DOS attribute.  This is set by
>>Cygwin 1.5 but not by Cygwin 1.7.  If I manually set it for Cygwin 1.7,
>>the file does become read-only.
>
>Are you perchance running as an Administrator, and therefore you have
>backup privileges?  If so, then you have root-like power, and cygwin
>exposes that by opening files with intent to backup even when the ACLs
>would otherwise make the file unreadable.  Therefore, even though none
>of S_IRUSR, S_IRGRP, S_IROTH are set in the posixy st_mode bits,
>access(file, R_OK) returns 0 and open() is able to exploit your
>root-like powers to read that file.
>
>I thought Corinna mentioned this in the release notes.

Ah, right.  I remember when Corinna removed the "DOS" read-only bit.

I am running with Administrator privileges so I guess this behavior
makes sense.

cgf

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: [BUG 1.7] Read-only files are not.

[Corinna Vinschen]

On Dec 31 22:38, Christopher Faylor wrote:
> On Thu, Jan 01, 2009 at 12:06:40AM +0000, Eric Blake wrote:
> >David Rothenberger <daveroth <at> acm.org> writes:
> >>It seems that read-only files in Cygwin 1.7 are not truly read-only.
> >>The sequence of steps below shows that "chmod 444 file1" does not make
> >>the file read-only in Cygwin 1.7, while it does in Cygwin 1.5.  It may
> >>have something to do with the Read Only DOS attribute.  This is set by
> >>Cygwin 1.5 but not by Cygwin 1.7.  If I manually set it for Cygwin 1.7,
> >>the file does become read-only.
> >
> >Are you perchance running as an Administrator, and therefore you have
> >backup privileges?  If so, then you have root-like power, and cygwin
> >exposes that by opening files with intent to backup even when the ACLs
> >would otherwise make the file unreadable.  Therefore, even though none
> >of S_IRUSR, S_IRGRP, S_IROTH are set in the posixy st_mode bits,
> >access(file, R_OK) returns 0 and open() is able to exploit your
> >root-like powers to read that file.
> >
> >I thought Corinna mentioned this in the release notes.
> 
> Ah, right.  I remember when Corinna removed the "DOS" read-only bit.

The idea is that it doesn't make sense to utilize the DOS R/O attribute
for POSIX permissions if the file system supports real security, as NTFS
does.
 
> I am running with Administrator privileges so I guess this behavior
> makes sense.

Yep.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/