This is the mail archive of the cygwin-apps mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: HEADSUP maintainers: Packages install scripts without execute permissions

On 6/22/2009 9:12 AM, Corinna Vinschen wrote: 
Here's the problem:  If you exec shell scripts, they should only be run
if the user trying to run the script has execute permissions on the
script.  This requires to check for executability in Cygwin, but as of
today, such a check isn't performed in Cygwin.

I have the patch for this ready, but I found that it would potentially
break a couple of packages which have not set execute permissions on
some of their script files.

As you should know by now, setup for Cygwin 1.7 will set POSIX file
permissions for the files extracted from the tar archives.  That means,
all scripts which don't have execute permissions set, will also not have
execute permissions set after the user installed them.  That's bad.

So I created a list of packages which install scripts into
/etc/preremove, /etc/postinstall, and /usr/bin without setting execute
permissions on them.  Please guys, fix the permissions ASAP.

Users who have existing preremove scripts without execute permissions will still have problems if you change setup.exe to check for this, won't they?

Ken

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]