Re: HEADSUP maintainers: Packages install scripts without execute permissions

[Corinna Vinschen <corinna-cygwin at cygwin dot com>]

On Jun 22 09:45, Ken Brown wrote:
> On 6/22/2009 9:12 AM, Corinna Vinschen wrote:
>> Here's the problem:  If you exec shell scripts, they should only be run
>> if the user trying to run the script has execute permissions on the
>> script.  This requires to check for executability in Cygwin, but as of
>> today, such a check isn't performed in Cygwin.
>>
>> I have the patch for this ready, but I found that it would potentially
>> break a couple of packages which have not set execute permissions on
>> some of their script files.
>>
>> As you should know by now, setup for Cygwin 1.7 will set POSIX file
>> permissions for the files extracted from the tar archives.  That means,
>> all scripts which don't have execute permissions set, will also not have
>> execute permissions set after the user installed them.  That's bad.
>>
>> So I created a list of packages which install scripts into
>> /etc/preremove, /etc/postinstall, and /usr/bin without setting execute
>> permissions on them.  Please guys, fix the permissions ASAP.
>
> Users who have existing preremove scripts without execute permissions  
> will still have problems if you change setup.exe to check for this,  
> won't they?

If the affected packages are replaced before we install a new Cygwin
DLL, which correctly checks for execute permissions, the preremove
scripts would be replaced with the ones with correct permissions
before the problem actually starts to become visible.

I don't understand how you suggest to change setup.exe.  In theory, it
could change permissions of scripts in /etc/preremove and
/etc/postinstall on the fly while installing them, as it already does
for *.exe files.  It could do the same also for .dll files, btw.
Is that what you mean?


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat