On Feb 26 08:42, Thomas Wolff wrote:
> On 26.02.2020 at 06:29, Jun T wrote:
> > It seems 'ls -l dir/file' or 'stat dir/file' succeeds even if
> > I don't have read/search permission for the 'dir'.
> >
> > Create a directory and a file in it:
> >
> > $ mkdir tmpdir
> > $ ls -ld tmpdir
> > drwxr-xr-x+ 1 takimoto none 0 Feb 26 12:46 tmpdir
> > $ touch tmpdir/afile
> > $ ls -l tmpdir/afile
> > -rw-r--r-- 1 takimoto 0 none Feb 26 12:46 tmpdir/afile
> >
> > Remove all permissions from tmpdir:
> >
> > $ chmod 0000 tmpdir
> > $ ls -ld tmpdir
> > d---------+ 1 takimoto none 0 Feb 26 12:46 tmpdir
> > $ getfacl tmpdir
> > # file: tmpdir
> > # owner: takimoto
> > # group: none
> > user::---
> > group::---
> > other::---
> > default:user::rwx
> > default:group::r-x
> > default:other::r-x
> >
> > This fails as expected:
> >
> > $ ls -l tmpdir
> > ls: cannot open directory 'tmpdir': Permission denied
> >
> > But the following succeed (should fail, I believe):
> >
> > $ ls -l tmpdir/afile
> > -rw-r--r-- 1 takimoto none 0 Feb 26 12:46 tmpdir/afile
> > $ stat tmpdir/afile
> > File: tmpdir/afile
> > Size: 0 Blocks: 0 IO Block: 65536 regular empty
> > file
> > Device: d05d00abh/3495755947d Inode: 14636698789089092 Links: 1
> > Access: (0644/-rw-r--r--) Uid: (197609/takimoto) Gid: (197121/ none)
> > Access: 2020-02-26 12:46:12.478966400 +0900
> > Modify: 2020-02-26 12:46:12.478966400 +0900
> > Change: 2020-02-26 12:46:12.464849300 +0900
> > Birth: 2020-02-26 12:46:12.464849300 +0900
> >
> > Does this happen only for me?
> To confirm, I noticed this before.

This is Windows for you:

  https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking

The default is to bypass traverse checking for *all* users. If you
change this in the "Local Security Policy" for a user, bad things
happen, as described in the "Potential impact" section in the above
document.

Way back when, we had code in Cygwin which enabled traverse checking for
a while. It always resulted in problems, so we reverted it.

I always planned to reenable that in a lean way, that is, only at "open
file on NTFS" rather than the original "always on as soon as the process
starts", but I never got around to it. In fact, it doesn't make much
sense to disallow Cygwin processes access to files a native Windows
process can easily access, so I scratched the idea.

Corinna

-- 
Corinna Vinschen
Cygwin Maintainer
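
Since traverse checking is bypassed by default, a file that is readable in its own right stays reachable by full path even when a parent directory denies search. The following is an added example, not code from this thread or from the Cygwin project: a small audit that lists files depending on a parent directory's missing search bit for their protection. The function name `audit_traverse_reliant` is hypothetical; it assumes `find` supports octal `-perm -MODE` tests and that the auditing account can read the tree being checked.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Lists regular files that are readable by "other" but sit below a directory
# that denies search (execute) to "other". With traverse checking bypassed,
# the directory's mode does not stop access by full path, so these files
# need restrictive permissions of their own.

# audit_traverse_reliant ROOT
#   ROOT: top of the tree to inspect (hypothetical parameter name).
#   Prints one affected file path per line, sorted, without duplicates.
audit_traverse_reliant() {
    root=$1

    # Step 1: every directory under ROOT whose mode lacks the other-x bit.
    find "$root" -type d ! -perm -0001 2>/dev/null |
    while IFS= read -r dir; do
        # Step 2: regular files anywhere below it that carry the other-r bit.
        find "$dir" -type f -perm -0004 2>/dev/null
    done |
    # Nested non-searchable directories report the same file more than once.
    sort -u
}

# Usage: audit_traverse_reliant /path/to/tree
```

Files it reports should get their own restrictive mode or ACL rather than relying on the directory.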