This is the mail archive of the
mailing list for the Cygwin project.
Re: HEADSUP maintainers: Packages install scripts without execute permissions
- From: Ken Brown <kbrown at cornell dot edu>
- To: cygwin-apps at cygwin dot com
- Date: Mon, 22 Jun 2009 09:45:12 -0400
- Subject: Re: HEADSUP maintainers: Packages install scripts without execute permissions
- References: <4A3D1570.email@example.com> <20090622094310.GN5039@calimero.vinschen.de> <20090622131224.GA19418@calimero.vinschen.de>
On 6/22/2009 9:12 AM, Corinna Vinschen wrote:
Here's the problem: If you exec shell scripts, they should only be run
if the user trying to run the script has execute permissions on the
script. This requires to check for executability in Cygwin, but as of
today, such a check isn't performed in Cygwin.
I have the patch for this ready, but I found that it would potentially
break a couple of packages which have not set execute permissions on
some of their script files.
As you should know by now, setup for Cygwin 1.7 will set POSIX file
permissions for the files extracted from the tar archives. That means,
all scripts which don't have execute permissions set, will also not have
execute permissions set after the user installed them. That's bad.
So I created a list of packages which install scripts into
/etc/preremove, /etc/postinstall, and /usr/bin without setting execute
permissions on them. Please guys, fix the permissions ASAP.
Users who have existing preremove scripts without execute permissions
will still have problems if you change setup.exe to check for this,