Shell scripts [was Re: Avoiding /etc/passwd and /etc/group scans]

Igor Pechtchanski pechtcha@cs.nyu.edu
Tue Oct 22 19:15:00 GMT 2002


On Tue, 22 Oct 2002, Pierre A. Humblet wrote:

> I would also distribute a script or a program to chmod all scripts
> in a tree. Under user control, not from setup.

I have a reasonably customizable script that I use for exactly the
opposite -- some files in my tree are created executable, and I use this
script to chmod -x all those that aren't (using extensions OR magic).  If
people think it would be helpful, I could modify it to do what you wanted
and send it to this list.
	Igor

On Tue, 22 Oct 2002, Pierre A. Humblet wrote:

> At 09:26 PM 10/22/2002 -0400, Christopher Faylor wrote:
> >>All your changes in fhandler_disk_file.cc are in the branch with
> >>get_file_attribute () != 0, Thus they do not apply to successful calls
> >>with ntsec.
> >
> >No, they're not.
>
> Oops. Now that I look at the source and not the web diff it's obvious.
>
> >We've made ntsec the default but there are possibly a number of people
> >out there who have never done a 'chmod a+x foo' on their shell scripts.
> >Until we have a consistent story on how to solve their problems, I think
> >it makes sense to make '#!' always executable.
>
> OK, it hits me hard. I have thought too much about the sids mapping issue.
>
> >I'm willing to be swayed on this but, so far, it doesn't seem like anyone
> >is effectively communicating with anyone else here.  We need to get on
> >the same page wrt the problems and how we are going to solve them.
>
> That's a tough one.
>
> I see 3 possible ways:
> 1) Your current way. Magic => executable.
>    Convenient but chmod is broken and big break with Unix.
> 2) use another CYGWIN= variable, to make that feature optional.
> 3) use nontsec if you are not willing to 'chmod a+x foo'
>
> I think I would vote for 3.
>
> I would also distribute a script or a program to chmod all scripts
> in a tree. Under user control, not from setup.
>
> Also, you have
>      buf->st_mode |= STD_XBITS;
> so there will be x bits even when it isn't readable.
> That can be improved easily, for 1 or 2 or the script.
>
> Pierre

-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha@cs.nyu.edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor@watson.ibm.com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"Water molecules expand as they grow warmer" (C) Popular Science, Oct'02, p.51



More information about the Cygwin-developers mailing list