bash /cmd disagree about owner and permissions to executable

Ubuntu ubuntu@wolf.rettoggalt.com
Mon Jan 6 17:01:00 GMT 2020


To recap, after removing excessive terminal output documentation in earlier mails:

> I installed python3.8 from the "Microsoft Store".
> Then I could run "python3 myscript.py" in a 'cmd' terminal but not in a mintty/bash terminal.
> The bash terminal gave "permission denied".
> 
> Investigating, I found that the PATH variable pointed to a python3.exe in the directory
> C:\Users\Heidi\AppData\Local\Microsoft\WindowsApps.
> 
> Using /bin/ls or using "cmd /c dir /q" would display different owners:
>
> > ls:  -rwxr-x--- 1 Unknown+User Unknown+Group 0 des 26 19:25     python3.exe
> > cmd: 26.12.2019  19.25                 0 PANTER\Heidi           python3.exe
>
> Noting the byte count of zero, I found the file is a reparse point of some "unknown Microsoft" type pointing to
>
> > C:\Program Files\WindowsApps\<very long folder name>\python3.8.exe
>
> (The reparse point type was "unknown" as per Mark Russnivitch's fsutil.exe of 2005.)
> 
> The permissions on "Program Files\WindowsApps" are quite restricted indeed.




On Mon, Dec 30, 2019 at 01:35:53PM -0700, Brian Inglis wrote:
> https://stackoverflow.com/questions/58296925/what-is-zero-byte-executable-files-in-windows#comment102978067_58296925
> 
> "This is a special type of app-execution reparse point that's used to set up the
> security context for running a UWP app. CreateProcessW reparses this internally
> in order to allow individual users to run a particular app."

Very interesting indeed.

But one important question remains: Why do we get "Permission Denied" when 
running from bash, not when running from cmd?

Some derived questions:

Doesn't bash call CreateProcessW?

Should it?

If "CreateProcessW reparses this internally in order to allow individual
users to run a particular app", how does CreateProcessW do that?

What does it base its decisions on?

Has Microsoft implemented a new, competing security system?

Where does the new security system store the permissions?

Are we going to see more and more Windows program becoming
unavailable to Cygwin?

Does cygwin need to reverse engineer this new security system?

Besides I notice that I can do "cygstart myscript.py", and the program runs.
However, it runs in a cmd window that disappears immediately upon termination.


Regards, 
Enrique Perez-Terron

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple



More information about the Cygwin mailing list