This is the mail archive of the
cygwin-developers@sources.redhat.com
mailing list for the Cygwin project.
Re: [RFD]: Execute permission for DLLs?
- To: Christopher Faylor <cygwin-developers at sources dot redhat dot com>
- Subject: Re: [RFD]: Execute permission for DLLs?
- From: Egor Duda <deo at logos-m dot ru>
- Date: Tue, 31 Oct 2000 22:55:55 +0300
- Organization: DEO
- References: <39FEA32B.58D3518F@cygnus.com> <20001031122426.A27656@redhat.com>
- Reply-To: Egor Duda <cygwin-developers at sources dot redhat dot com>
Hi!
Tuesday, 31 October, 2000 Christopher Faylor cgf@redhat.com wrote:
CF> On Tue, Oct 31, 2000 at 11:47:07AM +0100, Corinna Vinschen wrote:
>>On NTFS partitions, NT/W2K require the execute permission for DLLs to
>>allow loading a DLL on process startup.
>>
>>That's no problem unless a person using `ntsec' gets a tar archive
>>packed by a person not using `ntsec' or packing on a FAT partition.
>>Since Cygwin fakes the execute permission only for the suffixes
>>"exe", "bat", "com", DLLs are treated as non executable by the
>>stat() call when `ntsec' isn't set.
>>
>>When a person using `ntsec' unpacks that tar archive, the start of
>>an application which requires one of the DLLs from the archive will
>>fail with the Windows message
>>
>> "The application failed to initialize properly (0xc0000022)"
>>
>>which isn't that meaningful for most of the users.
>>
>>To solve that problem we would have to do a simple step. Fake
>>execute permissions for DLLs when `ntsec' isn't set or the file
>>system doesn't support ACLs (FAT/FAT32).
>>
>>Thoughts?
CF> Are you saying that we *always* turn executable permissions on when
CF> we create a DLL file on NT? That makes sense to me.
i've understood it a bit differently. i think Corinna wants to turn
executable bit on when _creating_ tar file on "bad" system which
do not support ntsec, not when unpacking it on ntfs+ntsec system.
Turning executable permissions on when creating dll is solution too,
but for which user will you turn in on? for everyone? i don't think
it's a right thing from security point of view. for owner and group?
then you won't solve original problem.
Egor. mailto:deo@logos-m.ru ICQ 5165414 FidoNet 2:5020/496.19