Shell scripts [was Re: Avoiding /etc/passwd and /etc/group scans]

Pierre A. Humblet Pierre.Humblet@ieee.org
Tue Oct 22 19:10:00 GMT 2002


At 09:26 PM 10/22/2002 -0400, Christopher Faylor wrote:
>>All your changes in fhandler_disk_file.cc are in the branch with
>>get_file_attribute () != 0, Thus they do not apply to successful calls
>>with ntsec.
>
>No, they're not.

Oops. Now that I look at the source and not the web diff it's obvious.

>We've made ntsec the default but there are possibly a number of people
>out there who have never done a 'chmod a+x foo' on their shell scripts.
>Until we have a consistent story on how to solve their problems, I think
>it makes sense to make '#!' always executable.

OK, it hits me hard. I have thought too much about the sids mapping issue.

>I'm willing to be swayed on this but, so far, it doesn't seem like anyone
>is effectively communicating with anyone else here.  We need to get on
>the same page wrt the problems and how we are going to solve them.

That's a tough one. 

I see 3 possible ways:
1) Your current way. Magic => executable. 
   Convenient but chmod is broken and big break with Unix.
2) use another CYGWIN= variable, to make that feature optional.
3) use nontsec if you are not willing to 'chmod a+x foo'

I think I would vote for 3.

I would also distribute a script or a program to chmod all scripts
in a tree. Under user control, not from setup. 

Also, you have
     buf->st_mode |= STD_XBITS; 
so there will be x bits even when it isn't readable. 
That can be improved easily, for 1 or 2 or the script.


Pierre



More information about the Cygwin-developers mailing list