Hacker News new | ask | show | jobs
by JeffreySnover 3507 days ago
I've never quite understood the concern about needing to Set-ExecutionPolicy before running scripts.

In Unix, you have to chmod a+x a file before running it. And you have to do it for every script you want to run.

So to run 1 cmdlet to enable all scripts seems a bargain. (Honestly I could be missing something and I probably am because you are not the first person to mention it. I just can't connect the dots.)

Jeffrey Snover [MSFT]
2 comments
noinsight 3507 days ago
My problem with the Execution Policy is that it's useless in practice since it doesn't actually prevent anything (so it annoys me every time). What was the motivation for adding it since it's not a real security feature? If it actually prevented executing stuff full stop it would be cool. The signed script concept is cool... I wish I could do that with Python.

Was it just to prevent accidental script execution?

link
JeffreySnover 3507 days ago
That is correct (prevent accidental script execution).

It is ABSOLUTELY NOT a security mechanism. That is why we we support this:

Set-ExecutionPolicy -ExecutionPolicy Bypass

I wanted to make it:

Set-ExecutionPolicy -ExecutionPolicy DoAnythingBecauseTExecutionPolicyIsNOTASecurityFeature

But the team didn't like that. (I should have overruled them on that one :-) ).

Jeffrey Snover [MSFT]

link
Corrado 3507 days ago
I think the problem is that when you chmod a file it stays chmoded. With the Set-ExecutionPolicy I find that I have to do it every time I start a shell. I also run a lot of headless scripts (AWS cloud-init, services, etc.) and it's always a pain resetting everything every time. With Unix, I know that a script is executable or not, with PS I don't.

Also, I might not want every script to be executable. With Unix I can choose which ones are executable and by whom. With PS it's all or nothing. :/

link
JeffreySnover 3507 days ago
Yikes! - you shouldn't have to do Set-ExecutionPolicy every time you start a shell. Something is definitely wrong there.

Try doing a: Get-ExecutionPolicy -List to see what is setting it.

Then use -SCOPE on Set-ExecutionPolicy.

BTW - I hear you on the "only chmod the scripts you want" - that is a nice benefit of the Unix model.

Jeffrey Snover [MSFT]

link