[PATCH] Cygwin: exec: check execute bit prior to evaluating script

Corinna Vinschen corinna-cygwin@cygwin.com
Tue Aug 6 14:18:00 GMT 2019 

On Aug  6 12:09, Ken Brown wrote:
> On 8/6/2019 4:53 AM, Corinna Vinschen wrote:
> > From: Corinna Vinschen <corinna-cygwin@cygwin.com>
> > 
> > When the exec family of functions is called for a script-like
> > file, the av::setup function handles the exec[vl]p case as
> > well.  The execve case for files not starting with a she-bang
> > is handled first by returning ENOEXEC.  Only after that, the
> > file's executability is checked.
> > 
> > This leads to the problem that ENOEXEC is returned for non-executable
> > files as well.  A calling shell interprets this as a file it should try
> > to run as script.  This is not desired for non-executable files.
> > 
> > Fix this problem by checking the file for executability first.  Only
> > after that, follow the other potential code paths.
> > ---
> >   winsup/cygwin/spawn.cc | 12 ++++++------
> >   1 file changed, 6 insertions(+), 6 deletions(-)
> > 
> > diff --git a/winsup/cygwin/spawn.cc b/winsup/cygwin/spawn.cc
> > index 7f7af4449da1..d95772802f8f 100644
> > --- a/winsup/cygwin/spawn.cc
> > +++ b/winsup/cygwin/spawn.cc
> > @@ -1172,6 +1172,12 @@ av::setup (const char *prog_arg, path_conv& real_path, const char *ext,
> >   	  }
> >   	UnmapViewOfFile (buf);
> >     just_shell:
> > +	/* Check if script is executable.  Otherwise we start non-executable
> > +	   scripts successfully, which is incorrect behaviour. */
> > +	if (real_path.has_acls ()
> > +	    && check_file_access (real_path, X_OK, true) < 0)
> > +	  return -1;	/* errno is already set. */
> > +
> >   	if (!pgm)
> >   	  {
> >   	    if (!p_type_exec)
> > @@ -1188,12 +1194,6 @@ av::setup (const char *prog_arg, path_conv& real_path, const char *ext,
> >   	    arg1 = NULL;
> >   	  }
> >   
> > -	/* Check if script is executable.  Otherwise we start non-executable
> > -	   scripts successfully, which is incorrect behaviour. */
> > -	if (real_path.has_acls ()
> > -	    && check_file_access (real_path, X_OK, true) < 0)
> > -	  return -1;	/* errno is already set. */
> > -
> >   	/* Replace argv[0] with the full path to the script if this is the
> >   	   first time through the loop. */
> >   	replace0_maybe (prog_arg);
> 
> LGTM, and I've confirmed that it fixes the problem reported in 
> http://www.cygwin.org/ml/cygwin/2019-08/msg00054.html.
> 
> Ken

Thanks!  Pushed.


Corinna

-- 
Corinna Vinschen
Cygwin Maintainer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin-patches/attachments/20190806/199141a7/attachment.sig>

More information about the Cygwin-patches mailing list