Re: Empty file without "x" permission is successfully executable on Cygwin

Re: Empty file without "x" permission is successfully executable on Cygwin

[Lavrentiev, Anton (NIH/NLM/NCBI) [C] via cygwin]

> zero-sized? Irrelevant.

It is actually very relevant.  Because executing an empty script results in "success" (exit code 0) -- that creates a false-positive.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Empty file without "x" permission is successfully executable on Cygwin

[Ken Brown]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset="utf-8", Size: 1064 bytes --]

On 8/6/2019 3:09 PM, Lavrentiev, Anton (NIH/NLM/NCBI) [C] via cygwin wrote:
>> zero-sized? Irrelevant.
> 
> It is actually very relevant.  Because executing an empty script results in "success" (exit code 0) -- that creates a false-positive.

You were absolutely right on your first complaint, that Cygwin allows a script 
without execute permission to be executed.  Corinna has already fixed that:

 
https://cygwin.com/git/gitweb.cgi?p=newlib-cygwin.git;a=commit;h=98669a24760a84bfef498fedeef7fa7ecc518e6c

But what's your basis for saying that an empty script shouldn't be executable? 
As long as it has execute permission, you're asking the shell to do nothing.  It 
happily does nothing and reports success.

It works that way on Linux also:

$ touch dummy

$ chmod +x dummy

$ ./dummy

$ echo $?
0

Ken
\x03B‹KCB”\x1c›Ø›\x19[H\x1c™\^[ܝ\x1cΈ\b\b\b\b\b\b\x1a\x1d\x1d\x1c\x0e‹ËØÞYÝÚ[‹˜ÛÛKÜ\x1c›Ø›\x19[\Ëš\x1d^[[\x03B‘TNˆ\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\x1a\x1d\x1d\x1c\x0e‹ËØÞYÝÚ[‹˜ÛÛKÙ˜\KÃB‘^[ØÝ[Y[\x18]\x1a[ÛŽˆ\b\b\b\b\b\b\b\b\x1a\x1d\x1d\x1c\x0e‹ËØÞYÝÚ[‹˜ÛÛKÙ^[ØÜËš\x1d^[[\x03B•[œÝXœØÜšX™H\x1a[™›Îˆ\b\b\b\b\b\x1a\x1d\x1d\x1c\x0e‹ËØÞYÝÚ[‹˜ÛÛKÛ[\vÈÝ[œÝXœØÜšX™K\Ú[\^[\x19CBƒB

Re: Empty file without "x" permission is successfully executable on Cygwin

[Houder]

On Tue, 6 Aug 2019 19:09:04, Lavrentiev, Anton (NIH/NLM/NCBI) [C] via cygwin"  wrote:
> > zero-sized? Irrelevant.
> 
> It is actually very relevant.  Because executing an empty script results in=
>  "success" (exit code 0) -- that creates a false-positive.

Good morning Anton,

Sorry for being brief (and not being clear!).

(and sorry for being late to the party :-)

What I meant, was: a regular file (empty or not), but w/o shebang and w/o the
execute bit, will be executed by Cygwin, contrary to what happens on Unix.

This behaviour (again: different from Unix) has existed for at least a decade.

That is why I wrote: Cygwin != Linux.

When I found out, years and years ago, I assumed that the deviation was due
to FAT filesystems (not being able to represent the x-bit).

Perhaps I was wrong. Perhaps the Cygwin maintainers merely goofed up long ago.

Henri


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Empty file without "x" permission is successfully executable on Cygwin

[Houder]

On Wed, 07 Aug 2019 08:12:28, Houder  wrote:
> On Tue, 6 Aug 2019 19:09:04, Lavrentiev, Anton (NIH/NLM/NCBI) [C] via cygwin"  wrote:
> > > zero-sized? Irrelevant.
> > 
> > It is actually very relevant.  Because executing an empty script results in=
> >  "success" (exit code 0) -- that creates a false-positive.
[snip]

> What I meant, was: a regular file (empty or not), but w/o shebang and w/o the
> execute bit, will be executed by Cygwin, contrary to what happens on Unix.
> 
> This behaviour (again: different from Unix) has existed for at least a decade.
> 
> That is why I wrote: Cygwin != Linux.
> 
> When I found out, years and years ago, I assumed that the deviation was due
> to FAT filesystems (not being able to represent the x-bit).
> 
> Perhaps I was wrong. Perhaps the Cygwin maintainers merely goofed up long ago.

And again I was wrong ...

 - https://cygwin.com/ml/cygwin/2009-06/msg00721.html
   ( Re: Cygwin 1.7: Possible file permission errors in 'base-files' )
   "I've put that on my TODO list."

 - https://cygwin.com/ml/cygwin/2009-06/msg00727.html
   ( HEADSUP maintainers: Packages install scripts without execute permissions )
   "I have the patch for this ready ..."

Now that the problem has been fixed by Corinna, she can remove it from her TODO
list :-P

Henri


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Empty file without "x" permission is successfully executable on Cygwin

[Lavrentiev, Anton (NIH/NLM/NCBI) [C] via cygwin]

> I did read the thread.

Really?

> which you confirmed after the fact.

Oh really?  Then read again:

In my initial post that started the entire thread I wrote:

> On Unix, an empty file can only be executed (exit code 0) if there's the "x" permission granted.

So what's your deal, exactly?


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Empty file without "x" permission is successfully executable on Cygwin

[Vince Rice]

> On Aug 6, 2019, at 4:16 PM, Lavrentiev, Anton (NIH/NLM/NCBI) [C] wrote:
> 
>> Which is why, as Ken said, the size is irrelevant.
> 
> Which makes your comment irrelevant as well.  Read the thread what I was responding and to whom before trolling.

I did read the thread. And Ken's comment was exactly correct, which you confirmed after the fact.
--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Empty file without "x" permission is successfully executable on Cygwin

[Lavrentiev, Anton (NIH/NLM/NCBI) [C] via cygwin]

> Which is why, as Ken said, the size is irrelevant.

Which makes your comment irrelevant as well.  Read the thread what I was responding and to whom before trolling.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Empty file without "x" permission is successfully executable on Cygwin

[Vince Rice]

> On Aug 6, 2019, at 3:39 PM, Lavrentiev, Anton (NIH/NLM/NCBI) [C] via wrote:
> 
>> But what's your basis for saying that an empty script shouldn't be executable?
> 
> I meant it only in the context of the script file lacking the proper "x" permission.
> Of course an empty script _with_ such permissions allowed must be executable, and it will always complete with exit code 0.

Which is why, as Ken said, the size is irrelevant. What's relevant is that it shouldn't be executing
anything that doesn't have the executable bit set. Which is what Corinna fixed.
--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Empty file without "x" permission is successfully executable on Cygwin

[Lavrentiev, Anton (NIH/NLM/NCBI) [C] via cygwin]

> But what's your basis for saying that an empty script shouldn't be executable?

I meant it only in the context of the script file lacking the proper "x" permission.
Of course an empty script _with_ such permissions allowed must be executable, and it will always complete with exit code 0.


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Empty file without "x" permission is successfully executable on Cygwin

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 1712 bytes --]

On Aug  6 10:33, Corinna Vinschen wrote:
> On Aug  6 03:19, Ken Brown wrote:
> > >>> On 8/5/2019 2:18 PM, Lavrentiev, Anton (NIH/NLM/NCBI) [C] via cygwin wrote:
> > >>>> Hi,
> > >>>>
> > >>>> Please consider the following shell session:
> > >>>>
> > >>>> $ cat dummy.c
> > >>>> #include <stdio.h>
> > >>>>
> > >>>> int main()
> > >>>> {
> > >>>>        return 0;
> > >>>> }
> > >>>> $ gcc -o dummy dummy.c
> > >>>> $ mv dummy.exe dummy
> > >>>> $ ./dummy
> > >>>> $ echo $?
> > >>>> 0
> > >>>> $ chmod a-x dummy
> > >>>> $ ./dummy
> > >>>> -bash: ./dummy: Permission denied
> > >>>> $ rm dummy
> > >>>> $ touch dummy
> > >>>> $ ./dummy
> > >>>> $ echo $?
> > >>>> 0
> > >>>> [...]
> > It look like what's happening is that bash calls execve(), which returns with 
> > errno ENOEXEC instead of EACCES.
> > 
> > I'll look at this more tomorrow unless someone beats me to it.
> 
> Looks like the checks for this scenario are in the wrong order.  In
> av::setup(), the first check is if the file is a valid executable and if
> so, exec returns ENOEXEC (unless called via exec[vl]p).  Only if that
> fails, av::setup checks the executability of the file(*).

Sorry, this description makes no sense.  Let me try again, here's
what av::setup does:

- Check if the file has been recognized as a she-bang script.
  - If not, checks if we have been called from exec[vl]p.
    - If not, return with ENOEXEC.
    - If yes, prepend /bin/sh to the script name.
- Check if file is executable.
  - If not, return with EACCES.
- Continue script handling.

> Ken, I'll propose a patch on cygwin-patches, please check.


Corinna

-- 
Corinna Vinschen
Cygwin Maintainer

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: Empty file without "x" permission is successfully executable on Cygwin

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 2355 bytes --]

On Aug  6 03:19, Ken Brown wrote:
> On 8/5/2019 4:39 PM, Ken Brown wrote:
> > On 8/5/2019 4:19 PM, Thomas Wolff wrote:
> >>
> >> Am 05.08.2019 um 22:01 schrieb Ken Brown:
> >>> On 8/5/2019 2:18 PM, Lavrentiev, Anton (NIH/NLM/NCBI) [C] via cygwin wrote:
> >>>> Hi,
> >>>>
> >>>> Please consider the following shell session:
> >>>>
> >>>> $ cat dummy.c
> >>>> #include <stdio.h>
> >>>>
> >>>> int main()
> >>>> {
> >>>>        return 0;
> >>>> }
> >>>> $ gcc -o dummy dummy.c
> >>>> $ mv dummy.exe dummy
> >>>> $ ./dummy
> >>>> $ echo $?
> >>>> 0
> >>>> $ chmod a-x dummy
> >>>> $ ./dummy
> >>>> -bash: ./dummy: Permission denied
> >>>> $ rm dummy
> >>>> $ touch dummy
> >>>> $ ./dummy
> >>>> $ echo $?
> >>>> 0
> >>>>
> >>>> So Cygwin lets the shell to execute a zero-sized file regardless of the "x" perm
> >>>> (non-empty files are not executable if they do not have "x", as shown above).
> >>> I can't reproduce this on my system.  Can you show the permissions and ACL of
> >>> dummy?
> >>>
> >>>> There's more.  If I put some rubbish in a file, Cygwin still tries to execute
> >>>> it even if the "x" is not there:
> >>>>
> >>>> $ rm dummy
> >>>> $ echo "1" > dummy
> >>>> $ ./dummy
> >>>> ./dummy: line 1: 1: command not found
> >>> Again I can't reproduce this.
> >> I reproduce the behaviour:
> >>   > echo echo foo > bar
> >>   > ls -l bar
> >> -rw-r--r-- 1 towo None 9  5. Aug 22:18 bar
> >>   > ./bar
> >> foo
> > 
> > You're right.  I was careless in my test.  Sorry for the noise.
> 
> It look like what's happening is that bash calls execve(), which returns with 
> errno ENOEXEC instead of EACCES.
> 
> I'll look at this more tomorrow unless someone beats me to it.

Looks like the checks for this scenario are in the wrong order.  In
av::setup(), the first check is if the file is a valid executable and if
so, exec returns ENOEXEC (unless called via exec[vl]p).  Only if that
fails, av::setup checks the executability of the file(*).

Ken, I'll propose a patch on cygwin-patches, please check.


Thanks,
Corinna


(*) Note that the executability test only makes sense on filesystems
    supporting execute bits.  On FAT filesystems, no such check will take
    place and Cygwin will not encounter EACCES scenarios.

-- 
Corinna Vinschen
Cygwin Maintainer

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: Empty file without "x" permission is successfully executable on Cygwin

[Houder]

On Mon, 5 Aug 2019 18:18:52, Lavrentiev, Anton (NIH/NLM/NCBI) [C] via cygwin"  wrote:
> Hi,
> 
> Please consider the following shell session:
> 
> $ cat dummy.c
> #include <stdio.h>
> 
> int main()
> {
>     return 0;
> }
> $ gcc -o dummy dummy.c
> $ mv dummy.exe dummy
> $ ./dummy
> $ echo $?
> 0
> $ chmod a-x dummy
> $ ./dummy
> -bash: ./dummy: Permission denied
> $ rm dummy
> $ touch dummy
> $ ./dummy
> $ echo $?
> 0
> 
> So Cygwin lets the shell to execute a zero-sized file regardless of
> the "x" perm ...

zero-sized? Irrelevant.
[snip]

> Is that expected?  On Unix, an empty file can only be executed (exit
> code 0) if there's the "x" permission granted.

Yes, Cygwin != Linux.

64-@@ echo date > dummy
64-@@ ls -l dummy
-rw-r--r-- 1 Henri None 5 Aug  6 08:01 dummy
64-@@ ./dummy
Tue Aug  6 08:01:19 CEST 2019
64-@@ dash
$ ./dummy
Tue Aug  6 08:01:38 CEST 2019 <==== (execution by /bin/sh)

$ mv /bin/sh /bin/OOS
$ ls -l /bin/sh.exe
ls: cannot access '/bin/sh.exe': No such file or directory
$ ./dummy
dash: 4: ./dummy: not found <==== attempted to execute "script" using /bin/sh

Also study:

    https://stackoverflow.com/questions/7268437/bash-script-execution-with-and-without-shebang-in-linux-and-bsd

    ( Bash script execution with and without shebang in Linux and BSD )

and

    http://www.faqs.org/faqs/unix-faq/faq/part3/section-16.html

Henri


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Empty file without "x" permission is successfully executable on Cygwin

[Ken Brown]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset="utf-8", Size: 1832 bytes --]

On 8/5/2019 4:39 PM, Ken Brown wrote:
> On 8/5/2019 4:19 PM, Thomas Wolff wrote:
>>
>> Am 05.08.2019 um 22:01 schrieb Ken Brown:
>>> On 8/5/2019 2:18 PM, Lavrentiev, Anton (NIH/NLM/NCBI) [C] via cygwin wrote:
>>>> Hi,
>>>>
>>>> Please consider the following shell session:
>>>>
>>>> $ cat dummy.c
>>>> #include <stdio.h>
>>>>
>>>> int main()
>>>> {
>>>>        return 0;
>>>> }
>>>> $ gcc -o dummy dummy.c
>>>> $ mv dummy.exe dummy
>>>> $ ./dummy
>>>> $ echo $?
>>>> 0
>>>> $ chmod a-x dummy
>>>> $ ./dummy
>>>> -bash: ./dummy: Permission denied
>>>> $ rm dummy
>>>> $ touch dummy
>>>> $ ./dummy
>>>> $ echo $?
>>>> 0
>>>>
>>>> So Cygwin lets the shell to execute a zero-sized file regardless of the "x" perm
>>>> (non-empty files are not executable if they do not have "x", as shown above).
>>> I can't reproduce this on my system.  Can you show the permissions and ACL of
>>> dummy?
>>>
>>>> There's more.  If I put some rubbish in a file, Cygwin still tries to execute
>>>> it even if the "x" is not there:
>>>>
>>>> $ rm dummy
>>>> $ echo "1" > dummy
>>>> $ ./dummy
>>>> ./dummy: line 1: 1: command not found
>>> Again I can't reproduce this.
>> I reproduce the behaviour:
>>   > echo echo foo > bar
>>   > ls -l bar
>> -rw-r--r-- 1 towo None 9  5. Aug 22:18 bar
>>   > ./bar
>> foo
> 
> You're right.  I was careless in my test.  Sorry for the noise.

It look like what's happening is that bash calls execve(), which returns with 
errno ENOEXEC instead of EACCES.

I'll look at this more tomorrow unless someone beats me to it.

Ken
\x03B‹KCB”\x1c›Ø›\x19[H\x1c™\^[ܝ\x1cΈ\b\b\b\b\b\b\x1a\x1d\x1d\x1c\x0e‹ËØÞYÝÚ[‹˜ÛÛKÜ\x1c›Ø›\x19[\Ëš\x1d^[[\x03B‘TNˆ\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\x1a\x1d\x1d\x1c\x0e‹ËØÞYÝÚ[‹˜ÛÛKÙ˜\KÃB‘^[ØÝ[Y[\x18]\x1a[ÛŽˆ\b\b\b\b\b\b\b\b\x1a\x1d\x1d\x1c\x0e‹ËØÞYÝÚ[‹˜ÛÛKÙ^[ØÜËš\x1d^[[\x03B•[œÝXœØÜšX™H\x1a[™›Îˆ\b\b\b\b\b\x1a\x1d\x1d\x1c\x0e‹ËØÞYÝÚ[‹˜ÛÛKÛ[\vÈÝ[œÝXœØÜšX™K\Ú[\^[\x19CBƒB

Re: Empty file without "x" permission is successfully executable on Cygwin

[Ken Brown]

On 8/5/2019 4:19 PM, Thomas Wolff wrote:
> 
> Am 05.08.2019 um 22:01 schrieb Ken Brown:
>> On 8/5/2019 2:18 PM, Lavrentiev, Anton (NIH/NLM/NCBI) [C] via cygwin wrote:
>>> Hi,
>>>
>>> Please consider the following shell session:
>>>
>>> $ cat dummy.c
>>> #include <stdio.h>
>>>
>>> int main()
>>> {
>>>       return 0;
>>> }
>>> $ gcc -o dummy dummy.c
>>> $ mv dummy.exe dummy
>>> $ ./dummy
>>> $ echo $?
>>> 0
>>> $ chmod a-x dummy
>>> $ ./dummy
>>> -bash: ./dummy: Permission denied
>>> $ rm dummy
>>> $ touch dummy
>>> $ ./dummy
>>> $ echo $?
>>> 0
>>>
>>> So Cygwin lets the shell to execute a zero-sized file regardless of the "x" perm
>>> (non-empty files are not executable if they do not have "x", as shown above).
>> I can't reproduce this on my system.  Can you show the permissions and ACL of 
>> dummy?
>>
>>> There's more.  If I put some rubbish in a file, Cygwin still tries to execute 
>>> it even if the "x" is not there:
>>>
>>> $ rm dummy
>>> $ echo "1" > dummy
>>> $ ./dummy
>>> ./dummy: line 1: 1: command not found
>> Again I can't reproduce this.
> I reproduce the behaviour:
>  > echo echo foo > bar
>  > ls -l bar
> -rw-r--r-- 1 towo None 9  5. Aug 22:18 bar
>  > ./bar
> foo

You're right.  I was careless in my test.  Sorry for the noise.

Ken

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Empty file without "x" permission is successfully executable on Cygwin

[Thomas Wolff]

Am 05.08.2019 um 22:01 schrieb Ken Brown:
> On 8/5/2019 2:18 PM, Lavrentiev, Anton (NIH/NLM/NCBI) [C] via cygwin wrote:
>> Hi,
>>
>> Please consider the following shell session:
>>
>> $ cat dummy.c
>> #include <stdio.h>
>>
>> int main()
>> {
>>       return 0;
>> }
>> $ gcc -o dummy dummy.c
>> $ mv dummy.exe dummy
>> $ ./dummy
>> $ echo $?
>> 0
>> $ chmod a-x dummy
>> $ ./dummy
>> -bash: ./dummy: Permission denied
>> $ rm dummy
>> $ touch dummy
>> $ ./dummy
>> $ echo $?
>> 0
>>
>> So Cygwin lets the shell to execute a zero-sized file regardless of the "x" perm
>> (non-empty files are not executable if they do not have "x", as shown above).
> I can't reproduce this on my system.  Can you show the permissions and ACL of dummy?
>
>> There's more.  If I put some rubbish in a file, Cygwin still tries to execute it even if the "x" is not there:
>>
>> $ rm dummy
>> $ echo "1" > dummy
>> $ ./dummy
>> ./dummy: line 1: 1: command not found
> Again I can't reproduce this.
I reproduce the behaviour:
 > echo echo foo > bar
 > ls -l bar
-rw-r--r-- 1 towo None 9  5. Aug 22:18 bar
 > ./bar
foo
 >


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Empty file without "x" permission is successfully executable on Cygwin

[Ken Brown]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset="utf-8", Size: 1174 bytes --]

On 8/5/2019 2:18 PM, Lavrentiev, Anton (NIH/NLM/NCBI) [C] via cygwin wrote:
> Hi,
> 
> Please consider the following shell session:
> 
> $ cat dummy.c
> #include <stdio.h>
> 
> int main()
> {
>      return 0;
> }
> $ gcc -o dummy dummy.c
> $ mv dummy.exe dummy
> $ ./dummy
> $ echo $?
> 0
> $ chmod a-x dummy
> $ ./dummy
> -bash: ./dummy: Permission denied
> $ rm dummy
> $ touch dummy
> $ ./dummy
> $ echo $?
> 0
> 
> So Cygwin lets the shell to execute a zero-sized file regardless of the "x" perm
> (non-empty files are not executable if they do not have "x", as shown above).

I can't reproduce this on my system.  Can you show the permissions and ACL of dummy?

> There's more.  If I put some rubbish in a file, Cygwin still tries to execute it even if the "x" is not there:
> 
> $ rm dummy
> $ echo "1" > dummy
> $ ./dummy
> ./dummy: line 1: 1: command not found

Again I can't reproduce this.

Ken
\0ТÒÐÐ¥\a&ö&ÆVÒ\a&W\x06÷'G3¢\x02\x02\x02\x02\x02\x02\x06‡GG\x03¢òö7–wv–âæ6öÒ÷\a&ö&ÆV×2æ‡FÖÀФd\x15\x13¢\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x06‡GG\x03¢òö7–wv–âæ6öÒöf\x17\x12ðФFö7VÖVçF\x17F–öã¢\x02\x02\x02\x02\x02\x02\x02\x02\x06‡GG\x03¢òö7–wv–âæ6öÒöFö72æ‡FÖÀÐ¥Vç7V'67&–&R\x06–æfó¢\x02\x02\x02\x02\x02\x06‡GG\x03¢òö7–wv–âæ6öÒöÖÂò7Vç7V'67&–&R×6–×\x06ÆPРÐ

Empty file without "x" permission is successfully executable on Cygwin

[Lavrentiev, Anton (NIH/NLM/NCBI) [C] via cygwin]

Hi,

Please consider the following shell session:

$ cat dummy.c
#include <stdio.h>

int main()
{
    return 0;
}
$ gcc -o dummy dummy.c
$ mv dummy.exe dummy
$ ./dummy
$ echo $?
0
$ chmod a-x dummy
$ ./dummy
-bash: ./dummy: Permission denied
$ rm dummy
$ touch dummy
$ ./dummy
$ echo $?
0

So Cygwin lets the shell to execute a zero-sized file regardless of the "x" perm
(non-empty files are not executable if they do not have "x", as shown above).

Is that expected?  On Unix, an empty file can only be executed (exit code 0) if there's the "x" permission granted.

There's more.  If I put some rubbish in a file, Cygwin still tries to execute it even if the "x" is not there:

$ rm dummy
$ echo "1" > dummy
$ ./dummy
./dummy: line 1: 1: command not found

So Cygwin knows about "dummy" being a PE32 executable missing the "x" (top of my session), and properly denies the execution
when there's no "x", but still lets all other file contents execute blindly (regardless of "x").  That's very dangerous!

Thanks,
Anton Lavrentiev


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple