Author eryksun
Recipients eryksun, paul.moore, steve.dower, tim.golden, zach.ware
Date 2019-08-16.22:22:23
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1565994143.67.0.875706549306.issue37834@roundup.psfhosted.org>
In-reply-to
Content
> the '/mnt/c/Document and Settings' junction... though now I try 
> it that those don't actually work...)

The security on compatibility junctions denies everyone read-data (list) access, but in Windows they can still be traversed (e.g. "C:/Documents and Settings/Public") because execute (traverse) access isn't denied, and even if it were denied, standard Windows users have SeChangeNotifyPrivilege to bypass traverse checking. 

I created a test junction named "eggs" that targets a directory named "spam" that has "spam/foo" subdirectory. I set the junction's security to match that of "Documents and Settings". In WSL, trying to traverse it to stat the "foo" subdirectory failed with EACCES, just as with "Documents and Settings/Public". After removing the entry that denies read-data access, it worked fine. There's no problem traversing "spam" directly if I set the same security on it that denies everyone read-data access; it only prevents listing the directory. 

It seems that in order to evaluate an NT junction, drvfs tries to open it with read-data access. I don't see why it would have to do that.
History
Date User Action Args
2019-08-16 22:22:23eryksunsetrecipients: + eryksun, paul.moore, tim.golden, zach.ware, steve.dower
2019-08-16 22:22:23eryksunsetmessageid: <1565994143.67.0.875706549306.issue37834@roundup.psfhosted.org>
2019-08-16 22:22:23eryksunlinkissue37834 messages
2019-08-16 22:22:23eryksuncreate