environment: check execute permission in TryLocateExecutable

mjcheetham · mjcheetham · commit cf66f4d3b44a · 2026-03-31T14:01:02.000+01:00
In f1a1ae5 (environment: manually scan $PATH on POSIX systems, 2022-05-31) the `which`-based lookup was replaced with a manual PATH scan that only checks FileExists, without verifying execute permissions. Unlike `which`, this means a non-executable file earlier in PATH can shadow a valid executable, causing process creation to fail when GCM later tries to run the located path. Add an IsExecutable check that verifies at least one execute bit is set on POSIX systems, matching the behaviour of `which`. On Windows, any existing file is considered executable. Guard the POSIX-specific File.GetUnixFileMode call with #if !NETFRAMEWORK for net472 compatibility. Signed-off-by: Matthew John Cheetham <mjcheetham@outlook.com>
diff --git a/src/shared/Core/EnvironmentBase.cs b/src/shared/Core/EnvironmentBase.cs
@@ -138,7 +138,8 @@ internal virtual bool TryLocateExecutable(string program, ICollection<string> pa
                 {
                     string candidatePath = Path.Combine(basePath, program);
                     if (FileSystem.FileExists(candidatePath) && (pathsToIgnore is null ||
-                        !pathsToIgnore.Contains(candidatePath, StringComparer.OrdinalIgnoreCase)))
+                        !pathsToIgnore.Contains(candidatePath, StringComparer.OrdinalIgnoreCase))
+                        && IsExecutable(candidatePath))
                     {
                         path = candidatePath;
                         return true;
@@ -172,6 +173,27 @@ public void Refresh()
         }
 
         protected abstract IReadOnlyDictionary<string, string> GetCurrentVariables();
+
+        private static bool IsExecutable(string path)
+        {
+            // On Windows, any file that exists is considered executable.
+            if (!PlatformUtils.IsPosix())
+                return true;
+
+#if NETFRAMEWORK
+            // .NET Framework only targets Windows, so this is unreachable.
+            return true;
+#else
+            // On POSIX, verify the file has at least one execute bit set,
+            // matching the behaviour of the `which` utility.
+#pragma warning disable CA1416 // Platform guard via PlatformUtils.IsPosix()
+            var mode = File.GetUnixFileMode(path);
+            return (mode & (UnixFileMode.UserExecute |
+                            UnixFileMode.GroupExecute |
+                            UnixFileMode.OtherExecute)) != 0;
+#pragma warning restore CA1416
+#endif
+        }
     }
 
     public static class EnvironmentExtensions
