Re: Empty file without "x" permission is successfully executable on Cygwin
On Wed, 07 Aug 2019 08:12:28, Houder wrote: > On Tue, 6 Aug 2019 19:09:04, Lavrentiev, Anton (NIH/NLM/NCBI) [C] via cygwin" > wrote: > > > zero-sized? Irrelevant. > > > > It is actually very relevant. Because executing an empty script results in= > > "success" (exit code 0) -- that creates a false-positive. [snip] > What I meant, was: a regular file (empty or not), but w/o shebang and w/o the > execute bit, will be executed by Cygwin, contrary to what happens on Unix. > > This behaviour (again: different from Unix) has existed for at least a decade. > > That is why I wrote: Cygwin != Linux. > > When I found out, years and years ago, I assumed that the deviation was due > to FAT filesystems (not being able to represent the x-bit). > > Perhaps I was wrong. Perhaps the Cygwin maintainers merely goofed up long ago. And again I was wrong ... - https://cygwin.com/ml/cygwin/2009-06/msg00721.html ( Re: Cygwin 1.7: Possible file permission errors in 'base-files' ) "I've put that on my TODO list." - https://cygwin.com/ml/cygwin/2009-06/msg00727.html ( HEADSUP maintainers: Packages install scripts without execute permissions ) "I have the patch for this ready ..." Now that the problem has been fixed by Corinna, she can remove it from her TODO list :-P Henri -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: Empty file without "x" permission is successfully executable on Cygwin
On Tue, 6 Aug 2019 19:09:04, Lavrentiev, Anton (NIH/NLM/NCBI) [C] via cygwin" wrote: > > zero-sized? Irrelevant. > > It is actually very relevant. Because executing an empty script results in= > "success" (exit code 0) -- that creates a false-positive. Good morning Anton, Sorry for being brief (and not being clear!). (and sorry for being late to the party :-) What I meant, was: a regular file (empty or not), but w/o shebang and w/o the execute bit, will be executed by Cygwin, contrary to what happens on Unix. This behaviour (again: different from Unix) has existed for at least a decade. That is why I wrote: Cygwin != Linux. When I found out, years and years ago, I assumed that the deviation was due to FAT filesystems (not being able to represent the x-bit). Perhaps I was wrong. Perhaps the Cygwin maintainers merely goofed up long ago. Henri -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: Empty file without "x" permission is successfully executable on Cygwin
> I did read the thread. Really? > which you confirmed after the fact. Oh really? Then read again: In my initial post that started the entire thread I wrote: > On Unix, an empty file can only be executed (exit code 0) if there's the "x" > permission granted. So what's your deal, exactly? -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: Empty file without "x" permission is successfully executable on Cygwin
> On Aug 6, 2019, at 4:16 PM, Lavrentiev, Anton (NIH/NLM/NCBI) [C] wrote: > >> Which is why, as Ken said, the size is irrelevant. > > Which makes your comment irrelevant as well. Read the thread what I was > responding and to whom before trolling. I did read the thread. And Ken's comment was exactly correct, which you confirmed after the fact. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: Empty file without "x" permission is successfully executable on Cygwin
> Which is why, as Ken said, the size is irrelevant. Which makes your comment irrelevant as well. Read the thread what I was responding and to whom before trolling. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: Empty file without "x" permission is successfully executable on Cygwin
> On Aug 6, 2019, at 3:39 PM, Lavrentiev, Anton (NIH/NLM/NCBI) [C] via wrote: > >> But what's your basis for saying that an empty script shouldn't be >> executable? > > I meant it only in the context of the script file lacking the proper "x" > permission. > Of course an empty script _with_ such permissions allowed must be executable, > and it will always complete with exit code 0. Which is why, as Ken said, the size is irrelevant. What's relevant is that it shouldn't be executing anything that doesn't have the executable bit set. Which is what Corinna fixed. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: Empty file without "x" permission is successfully executable on Cygwin
> But what's your basis for saying that an empty script shouldn't be executable? I meant it only in the context of the script file lacking the proper "x" permission. Of course an empty script _with_ such permissions allowed must be executable, and it will always complete with exit code 0. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: Empty file without "x" permission is successfully executable on Cygwin
On 8/6/2019 3:09 PM, Lavrentiev, Anton (NIH/NLM/NCBI) [C] via cygwin wrote: >> zero-sized? Irrelevant. > > It is actually very relevant. Because executing an empty script results in > "success" (exit code 0) -- that creates a false-positive. You were absolutely right on your first complaint, that Cygwin allows a script without execute permission to be executed. Corinna has already fixed that: https://cygwin.com/git/gitweb.cgi?p=newlib-cygwin.git;a=commit;h=98669a24760a84bfef498fedeef7fa7ecc518e6c But what's your basis for saying that an empty script shouldn't be executable? As long as it has execute permission, you're asking the shell to do nothing. It happily does nothing and reports success. It works that way on Linux also: $ touch dummy $ chmod +x dummy $ ./dummy $ echo $? 0 Ken
Re: Empty file without "x" permission is successfully executable on Cygwin
> zero-sized? Irrelevant. It is actually very relevant. Because executing an empty script results in "success" (exit code 0) -- that creates a false-positive. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: Empty file without "x" permission is successfully executable on Cygwin
On Aug 6 10:33, Corinna Vinschen wrote:
> On Aug 6 03:19, Ken Brown wrote:
> > >>> On 8/5/2019 2:18 PM, Lavrentiev, Anton (NIH/NLM/NCBI) [C] via cygwin
> > >>> wrote:
> > Hi,
> >
> > Please consider the following shell session:
> >
> > $ cat dummy.c
> > #include
> >
> > int main()
> > {
> > return 0;
> > }
> > $ gcc -o dummy dummy.c
> > $ mv dummy.exe dummy
> > $ ./dummy
> > $ echo $?
> > 0
> > $ chmod a-x dummy
> > $ ./dummy
> > -bash: ./dummy: Permission denied
> > $ rm dummy
> > $ touch dummy
> > $ ./dummy
> > $ echo $?
> > 0
> > [...]
> > It look like what's happening is that bash calls execve(), which returns
> > with
> > errno ENOEXEC instead of EACCES.
> >
> > I'll look at this more tomorrow unless someone beats me to it.
>
> Looks like the checks for this scenario are in the wrong order. In
> av::setup(), the first check is if the file is a valid executable and if
> so, exec returns ENOEXEC (unless called via exec[vl]p). Only if that
> fails, av::setup checks the executability of the file(*).
Sorry, this description makes no sense. Let me try again, here's
what av::setup does:
- Check if the file has been recognized as a she-bang script.
- If not, checks if we have been called from exec[vl]p.
- If not, return with ENOEXEC.
- If yes, prepend /bin/sh to the script name.
- Check if file is executable.
- If not, return with EACCES.
- Continue script handling.
> Ken, I'll propose a patch on cygwin-patches, please check.
Corinna
--
Corinna Vinschen
Cygwin Maintainer
signature.asc
Description: PGP signature
Re: Empty file without "x" permission is successfully executable on Cygwin
On Aug 6 03:19, Ken Brown wrote:
> On 8/5/2019 4:39 PM, Ken Brown wrote:
> > On 8/5/2019 4:19 PM, Thomas Wolff wrote:
> >>
> >> Am 05.08.2019 um 22:01 schrieb Ken Brown:
> >>> On 8/5/2019 2:18 PM, Lavrentiev, Anton (NIH/NLM/NCBI) [C] via cygwin
> >>> wrote:
> Hi,
>
> Please consider the following shell session:
>
> $ cat dummy.c
> #include
>
> int main()
> {
> return 0;
> }
> $ gcc -o dummy dummy.c
> $ mv dummy.exe dummy
> $ ./dummy
> $ echo $?
> 0
> $ chmod a-x dummy
> $ ./dummy
> -bash: ./dummy: Permission denied
> $ rm dummy
> $ touch dummy
> $ ./dummy
> $ echo $?
> 0
>
> So Cygwin lets the shell to execute a zero-sized file regardless of the
> "x" perm
> (non-empty files are not executable if they do not have "x", as shown
> above).
> >>> I can't reproduce this on my system. Can you show the permissions and
> >>> ACL of
> >>> dummy?
> >>>
> There's more. If I put some rubbish in a file, Cygwin still tries to
> execute
> it even if the "x" is not there:
>
> $ rm dummy
> $ echo "1" > dummy
> $ ./dummy
> ./dummy: line 1: 1: command not found
> >>> Again I can't reproduce this.
> >> I reproduce the behaviour:
> >> > echo echo foo > bar
> >> > ls -l bar
> >> -rw-r--r-- 1 towo None 9 5. Aug 22:18 bar
> >> > ./bar
> >> foo
> >
> > You're right. I was careless in my test. Sorry for the noise.
>
> It look like what's happening is that bash calls execve(), which returns with
> errno ENOEXEC instead of EACCES.
>
> I'll look at this more tomorrow unless someone beats me to it.
Looks like the checks for this scenario are in the wrong order. In
av::setup(), the first check is if the file is a valid executable and if
so, exec returns ENOEXEC (unless called via exec[vl]p). Only if that
fails, av::setup checks the executability of the file(*).
Ken, I'll propose a patch on cygwin-patches, please check.
Thanks,
Corinna
(*) Note that the executability test only makes sense on filesystems
supporting execute bits. On FAT filesystems, no such check will take
place and Cygwin will not encounter EACCES scenarios.
--
Corinna Vinschen
Cygwin Maintainer
signature.asc
Description: PGP signature
Re: Empty file without "x" permission is successfully executable on Cygwin
On Mon, 5 Aug 2019 18:18:52, Lavrentiev, Anton (NIH/NLM/NCBI) [C] via cygwin"
wrote:
> Hi,
>
> Please consider the following shell session:
>
> $ cat dummy.c
> #include
>
> int main()
> {
> return 0;
> }
> $ gcc -o dummy dummy.c
> $ mv dummy.exe dummy
> $ ./dummy
> $ echo $?
> 0
> $ chmod a-x dummy
> $ ./dummy
> -bash: ./dummy: Permission denied
> $ rm dummy
> $ touch dummy
> $ ./dummy
> $ echo $?
> 0
>
> So Cygwin lets the shell to execute a zero-sized file regardless of
> the "x" perm ...
zero-sized? Irrelevant.
[snip]
> Is that expected? On Unix, an empty file can only be executed (exit
> code 0) if there's the "x" permission granted.
Yes, Cygwin != Linux.
64-@@ echo date > dummy
64-@@ ls -l dummy
-rw-r--r-- 1 Henri None 5 Aug 6 08:01 dummy
64-@@ ./dummy
Tue Aug 6 08:01:19 CEST 2019
64-@@ dash
$ ./dummy
Tue Aug 6 08:01:38 CEST 2019 < (execution by /bin/sh)
$ mv /bin/sh /bin/OOS
$ ls -l /bin/sh.exe
ls: cannot access '/bin/sh.exe': No such file or directory
$ ./dummy
dash: 4: ./dummy: not found < attempted to execute "script" using /bin/sh
Also study:
https://stackoverflow.com/questions/7268437/bash-script-execution-with-and-without-shebang-in-linux-and-bsd
( Bash script execution with and without shebang in Linux and BSD )
and
http://www.faqs.org/faqs/unix-faq/faq/part3/section-16.html
Henri
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: Empty file without "x" permission is successfully executable on Cygwin
On 8/5/2019 4:39 PM, Ken Brown wrote:
> On 8/5/2019 4:19 PM, Thomas Wolff wrote:
>>
>> Am 05.08.2019 um 22:01 schrieb Ken Brown:
>>> On 8/5/2019 2:18 PM, Lavrentiev, Anton (NIH/NLM/NCBI) [C] via cygwin wrote:
Hi,
Please consider the following shell session:
$ cat dummy.c
#include
int main()
{
return 0;
}
$ gcc -o dummy dummy.c
$ mv dummy.exe dummy
$ ./dummy
$ echo $?
0
$ chmod a-x dummy
$ ./dummy
-bash: ./dummy: Permission denied
$ rm dummy
$ touch dummy
$ ./dummy
$ echo $?
0
So Cygwin lets the shell to execute a zero-sized file regardless of the
"x" perm
(non-empty files are not executable if they do not have "x", as shown
above).
>>> I can't reproduce this on my system. Can you show the permissions and ACL
>>> of
>>> dummy?
>>>
There's more. If I put some rubbish in a file, Cygwin still tries to
execute
it even if the "x" is not there:
$ rm dummy
$ echo "1" > dummy
$ ./dummy
./dummy: line 1: 1: command not found
>>> Again I can't reproduce this.
>> I reproduce the behaviour:
>> > echo echo foo > bar
>> > ls -l bar
>> -rw-r--r-- 1 towo None 9 5. Aug 22:18 bar
>> > ./bar
>> foo
>
> You're right. I was careless in my test. Sorry for the noise.
It look like what's happening is that bash calls execve(), which returns with
errno ENOEXEC instead of EACCES.
I'll look at this more tomorrow unless someone beats me to it.
Ken
Re: Empty file without "x" permission is successfully executable on Cygwin
On 8/5/2019 4:19 PM, Thomas Wolff wrote:
>
> Am 05.08.2019 um 22:01 schrieb Ken Brown:
>> On 8/5/2019 2:18 PM, Lavrentiev, Anton (NIH/NLM/NCBI) [C] via cygwin wrote:
>>> Hi,
>>>
>>> Please consider the following shell session:
>>>
>>> $ cat dummy.c
>>> #include
>>>
>>> int main()
>>> {
>>> return 0;
>>> }
>>> $ gcc -o dummy dummy.c
>>> $ mv dummy.exe dummy
>>> $ ./dummy
>>> $ echo $?
>>> 0
>>> $ chmod a-x dummy
>>> $ ./dummy
>>> -bash: ./dummy: Permission denied
>>> $ rm dummy
>>> $ touch dummy
>>> $ ./dummy
>>> $ echo $?
>>> 0
>>>
>>> So Cygwin lets the shell to execute a zero-sized file regardless of the "x"
>>> perm
>>> (non-empty files are not executable if they do not have "x", as shown
>>> above).
>> I can't reproduce this on my system. Can you show the permissions and ACL
>> of
>> dummy?
>>
>>> There's more. If I put some rubbish in a file, Cygwin still tries to
>>> execute
>>> it even if the "x" is not there:
>>>
>>> $ rm dummy
>>> $ echo "1" > dummy
>>> $ ./dummy
>>> ./dummy: line 1: 1: command not found
>> Again I can't reproduce this.
> I reproduce the behaviour:
> > echo echo foo > bar
> > ls -l bar
> -rw-r--r-- 1 towo None 9 5. Aug 22:18 bar
> > ./bar
> foo
You're right. I was careless in my test. Sorry for the noise.
Ken
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: Empty file without "x" permission is successfully executable on Cygwin
Am 05.08.2019 um 22:01 schrieb Ken Brown:
On 8/5/2019 2:18 PM, Lavrentiev, Anton (NIH/NLM/NCBI) [C] via cygwin wrote:
Hi,
Please consider the following shell session:
$ cat dummy.c
#include
int main()
{
return 0;
}
$ gcc -o dummy dummy.c
$ mv dummy.exe dummy
$ ./dummy
$ echo $?
0
$ chmod a-x dummy
$ ./dummy
-bash: ./dummy: Permission denied
$ rm dummy
$ touch dummy
$ ./dummy
$ echo $?
0
So Cygwin lets the shell to execute a zero-sized file regardless of the "x" perm
(non-empty files are not executable if they do not have "x", as shown above).
I can't reproduce this on my system. Can you show the permissions and ACL of
dummy?
There's more. If I put some rubbish in a file, Cygwin still tries to execute it even if
the "x" is not there:
$ rm dummy
$ echo "1" > dummy
$ ./dummy
./dummy: line 1: 1: command not found
Again I can't reproduce this.
I reproduce the behaviour:
> echo echo foo > bar
> ls -l bar
-rw-r--r-- 1 towo None 9 5. Aug 22:18 bar
> ./bar
foo
>
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: Empty file without "x" permission is successfully executable on Cygwin
On 8/5/2019 2:18 PM, Lavrentiev, Anton (NIH/NLM/NCBI) [C] via cygwin wrote:
> Hi,
>
> Please consider the following shell session:
>
> $ cat dummy.c
> #include
>
> int main()
> {
> return 0;
> }
> $ gcc -o dummy dummy.c
> $ mv dummy.exe dummy
> $ ./dummy
> $ echo $?
> 0
> $ chmod a-x dummy
> $ ./dummy
> -bash: ./dummy: Permission denied
> $ rm dummy
> $ touch dummy
> $ ./dummy
> $ echo $?
> 0
>
> So Cygwin lets the shell to execute a zero-sized file regardless of the "x"
> perm
> (non-empty files are not executable if they do not have "x", as shown above).
I can't reproduce this on my system. Can you show the permissions and ACL of
dummy?
> There's more. If I put some rubbish in a file, Cygwin still tries to execute
> it even if the "x" is not there:
>
> $ rm dummy
> $ echo "1" > dummy
> $ ./dummy
> ./dummy: line 1: 1: command not found
Again I can't reproduce this.
Ken
Empty file without "x" permission is successfully executable on Cygwin
Hi,
Please consider the following shell session:
$ cat dummy.c
#include
int main()
{
return 0;
}
$ gcc -o dummy dummy.c
$ mv dummy.exe dummy
$ ./dummy
$ echo $?
0
$ chmod a-x dummy
$ ./dummy
-bash: ./dummy: Permission denied
$ rm dummy
$ touch dummy
$ ./dummy
$ echo $?
0
So Cygwin lets the shell to execute a zero-sized file regardless of the "x" perm
(non-empty files are not executable if they do not have "x", as shown above).
Is that expected? On Unix, an empty file can only be executed (exit code 0) if
there's the "x" permission granted.
There's more. If I put some rubbish in a file, Cygwin still tries to execute
it even if the "x" is not there:
$ rm dummy
$ echo "1" > dummy
$ ./dummy
./dummy: line 1: 1: command not found
So Cygwin knows about "dummy" being a PE32 executable missing the "x" (top of
my session), and properly denies the execution
when there's no "x", but still lets all other file contents execute blindly
(regardless of "x"). That's very dangerous!
Thanks,
Anton Lavrentiev
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
