This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: directory without search permission is searchable?

From: Corinna Vinschen <corinna-cygwin at cygwin dot com>
To: cygwin at cygwin dot com
Date: Wed, 26 Feb 2020 11:54:47 +0100
Subject: Re: directory without search permission is searchable?
References: <06DDE076-BDA6-4877-BDD3-7F670CB38DB0@kba.biglobe.ne.jp> <a3f39b7e-2d34-a649-e5c1-7dd656b96af5@towo.net>
Reply-to: cygwin at cygwin dot com

On Feb 26 08:42, Thomas Wolff wrote:
> Am 26.02.2020 um 06:29 schrieb Jun T:
> > It seems 'ls -l dir/file' or 'stat dir/file' succeeds even if
> > I don't have read/search permission for the 'dir'.
> > 
> > Create a directory and a file in it:
> > 
> > $ mkdir tmpdir
> > $ ls -ld tmpdir
> > drwxr-xr-x+ 1 takimoto none 0 Feb 26 12:46 tmpdir
> > $ touch tmpdir/afile
> > $ ls -l tmpdir/afile
> > -rw-r--r-- 1 takimoto 0 none Feb 26 12:46 tmpdir/afile
> > 
> > Remove all permissions from tmpdir:
> > 
> > $ chmod 0000 tmpdir
> > $ ls -ld tmpdir
> > d---------+ 1 takimoto none 0 Feb 26 12:46 tmpdir
> > $ getfacl tmpdir
> > # file: tmpdir
> > # owner: takimoto
> > # group: none
> > user::---
> > group::---
> > other::---
> > default:user::rwx
> > default:group::r-x
> > default:other::r-x
> > 
> > This fails as expected:
> > 
> > $ ls -l tmpdir
> > ls: cannot open directory 'tmpdir': Permission denied
> > 
> > But the followings succeed (should fail, I believe):
> > 
> > $ ls -l tmpdir/afile
> > -rw-r--r-- 1 takimoto none 0 Feb 26 12:46 tmpdir/afile
> > $ stat tmpdir/afile
> >    File: tmpdir/afile
> >    Size: 0               Blocks: 0          IO Block: 65536  regular empty file
> > Device: d05d00abh/3495755947d   Inode: 14636698789089092  Links: 1
> > Access: (0644/-rw-r--r--)  Uid: (197609/takimoto)   Gid: (197121/  none)
> > Access: 2020-02-26 12:46:12.478966400 +0900
> > Modify: 2020-02-26 12:46:12.478966400 +0900
> > Change: 2020-02-26 12:46:12.464849300 +0900
> >   Birth: 2020-02-26 12:46:12.464849300 +0900
> > 
> > Does this happen only for me?
> To confirm, I noticed this before.

This is Windows for you:

https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking

The default is to bypass traverse checking for *all* users.  If you
change this in the "Local Security Policy" for a user, bad things happen,
as described in the "Potential impact" section in thew above document.

Way back when we had code in Cygwin which enabled traverse checking for
a while.  It always resulted in problems, so we reverted it.  I always
planned to reenable that in a lean way, that is, only at "open file on
NTFS" rather than the original "always on as soon as the process
starts", but I never got around to it.  In fact, it doesn't make much
sense to disallow Cygwin processes access to files, a native Windows
process can easily access, so I scratched the idea.


Corinna

-- 
Corinna Vinschen
Cygwin Maintainer

Attachment: signature.asc
Description: PGP signature

Follow-Ups:
- Re: directory without search permission is searchable?
  - From: Jun-ichi Takimoto

References:
- directory without search permission is searchable?
  - From: Jun T
- Re: directory without search permission is searchable?
  - From: Thomas Wolff

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]