From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cygwin-return-219381-listarch-cygwin=sourceware.org@cygwin.com>
Received: (qmail 36586 invoked by alias); 26 Feb 2020 10:54:52 -0000
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Received: (qmail 36578 invoked by uid 89); 26 Feb 2020 10:54:52 -0000
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-109.2 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_2,GOOD_FROM_CORINNA_CYGWIN,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 spammy=*all*, sk:securit, Links
X-HELO: mout.kundenserver.de
Received: from mout.kundenserver.de (HELO mout.kundenserver.de) (212.227.126.134) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 26 Feb 2020 10:54:50 +0000
Received: from calimero.vinschen.de ([24.134.7.25]) by mrelayeu.kundenserver.de (mreue010 [212.227.15.167]) with ESMTPSA (Nemesis) id 1MBUZr-1jGYJ50nYl-00CzaM for <cygwin@cygwin.com>; Wed, 26 Feb 2020 11:54:48 +0100
Received: by calimero.vinschen.de (Postfix, from userid 500)	id 895D3A82772; Wed, 26 Feb 2020 11:54:47 +0100 (CET)
Date: Wed, 26 Feb 2020 10:54:00 -0000
From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: directory without search permission is searchable?
Message-ID: <20200226105447.GQ4045@calimero.vinschen.de>
Reply-To: cygwin@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
References: <06DDE076-BDA6-4877-BDD3-7F670CB38DB0@kba.biglobe.ne.jp> <a3f39b7e-2d34-a649-e5c1-7dd656b96af5@towo.net>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;	protocol="application/pgp-signature"; boundary="1giRMj6yz/+FOIRq"
Content-Disposition: inline
In-Reply-To: <a3f39b7e-2d34-a649-e5c1-7dd656b96af5@towo.net>
X-SW-Source: 2020-02/txt/msg00236.txt.bz2

--1giRMj6yz/+FOIRq
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-length: 2512

On Feb 26 08:42, Thomas Wolff wrote:
> Am 26.02.2020 um 06:29 schrieb Jun T:
> > It seems 'ls -l dir/file' or 'stat dir/file' succeeds even if
> > I don't have read/search permission for the 'dir'.
> >=20
> > Create a directory and a file in it:
> >=20
> > $ mkdir tmpdir
> > $ ls -ld tmpdir
> > drwxr-xr-x+ 1 takimoto none 0 Feb 26 12:46 tmpdir
> > $ touch tmpdir/afile
> > $ ls -l tmpdir/afile
> > -rw-r--r-- 1 takimoto 0 none Feb 26 12:46 tmpdir/afile
> >=20
> > Remove all permissions from tmpdir:
> >=20
> > $ chmod 0000 tmpdir
> > $ ls -ld tmpdir
> > d---------+ 1 takimoto none 0 Feb 26 12:46 tmpdir
> > $ getfacl tmpdir
> > # file: tmpdir
> > # owner: takimoto
> > # group: none
> > user::---
> > group::---
> > other::---
> > default:user::rwx
> > default:group::r-x
> > default:other::r-x
> >=20
> > This fails as expected:
> >=20
> > $ ls -l tmpdir
> > ls: cannot open directory 'tmpdir': Permission denied
> >=20
> > But the followings succeed (should fail, I believe):
> >=20
> > $ ls -l tmpdir/afile
> > -rw-r--r-- 1 takimoto none 0 Feb 26 12:46 tmpdir/afile
> > $ stat tmpdir/afile
> >    File: tmpdir/afile
> >    Size: 0               Blocks: 0          IO Block: 65536  regular em=
pty file
> > Device: d05d00abh/3495755947d   Inode: 14636698789089092  Links: 1
> > Access: (0644/-rw-r--r--)  Uid: (197609/takimoto)   Gid: (197121/  none)
> > Access: 2020-02-26 12:46:12.478966400 +0900
> > Modify: 2020-02-26 12:46:12.478966400 +0900
> > Change: 2020-02-26 12:46:12.464849300 +0900
> >   Birth: 2020-02-26 12:46:12.464849300 +0900
> >=20
> > Does this happen only for me?
> To confirm, I noticed this before.

This is Windows for you:

https://docs.microsoft.com/en-us/windows/security/threat-protection/securit=
y-policy-settings/bypass-traverse-checking

The default is to bypass traverse checking for *all* users.  If you
change this in the "Local Security Policy" for a user, bad things happen,
as described in the "Potential impact" section in thew above document.

Way back when we had code in Cygwin which enabled traverse checking for
a while.  It always resulted in problems, so we reverted it.  I always
planned to reenable that in a lean way, that is, only at "open file on
NTFS" rather than the original "always on as soon as the process
starts", but I never got around to it.  In fact, it doesn't make much
sense to disallow Cygwin processes access to files, a native Windows
process can easily access, so I scratched the idea.


Corinna

--=20
Corinna Vinschen
Cygwin Maintainer

--1giRMj6yz/+FOIRq
Content-Type: application/pgp-signature; name="signature.asc"
Content-length: 833

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEoVYPmneWZnwT6kwF9TYGna5ET6AFAl5WTncACgkQ9TYGna5E
T6Cx/w/+I1djriWSJtK0hFU1/f87RU/98ZFDHBz/EqyZ199vel8nNclQaVWySBoH
lrFwipYOpDIY5Y7hZJ//Nt27VsX96NhunfYqJWNFKqY2aEE8wdZkoT/t5cxKHFUt
zvrWOxThuv6g8332vWVRMC2FAo4u9j65LV4mmKjs4ArbFiscsSWSBVcwij+NlwLN
5z651RRdBGHvh+uX9kNgZ2xdiP5PIUxqJEiMYdCxb5ji9gIFiGDnFBviL3Uep7jh
hOJjjHeVeYY2O5SgHWvC0tHGyUH8Tb6L3RvAfpIXyi96IeQGqaPG33DbgXCvtc2M
35ne8x9e3WidIFMqipuFw/ca6QiYnRjVK97KnW+f8N6Q9uvDvR0kZTiI5Z4WoF07
5hK7lYHTiVCMjdaMe0FHeYGk1dXw84QoIme/fWX5VMd9q6JPr0q0Rc8qddQIiDEk
yfw2pUepPrkQE+hJ4HX//HM9yPsb+XN5LAJiGkf6kCpHS6mRtu3M/cXE/QY0VdfS
GkTgdJOxK4qYRysL1YHkUcPXQpPHE5Sji/flMWTTTNak+Mj+sfgpypEFIe/k9pUV
/gcgWvNbb8NC3LAC10zC/fSdqJO7nQ8I57S46qQ9UgTUJQETGEhrWhmh0j73ZRGj
2NLOY/Mc8m8lcSfFTMzliXHl3Rsn5z4UXXm9IkQiOvsVB+X3KKg=
=e76+
-----END PGP SIGNATURE-----

--1giRMj6yz/+FOIRq--