Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 9 Aug 2025 09:23:39 -0400
From:      Michael Sierchio <kudzu@tenebras.com>
To:        =?UTF-8?Q?Dag=2DErling_Sm=C3=B8rgrav?= <des@freebsd.org>
Cc:        questions@freebsd.org
Subject:   Re: shebanged script not executed right - wth
Message-ID:  <CAHu1Y73TiEL1vYvBt2_d=tDYKS8L8dGFjfKiwYWMf%2Bw%2BpA5_Qw@mail.gmail.com>
In-Reply-To: <861ppk1w8j.fsf@ltc.des.dev>
References:  <N2fQGG8xsXO132Bf@aceecat.org> <38974.1754741865@ruk.vpn.home.arpa> <86a5481xax.fsf@ltc.des.dev> <865xew1ww9.fsf@ltc.des.dev> <861ppk1w8j.fsf@ltc.des.dev>
index | next in thread | previous in thread | raw e-mail 

[-- Attachment #1 --]
On Sat, Aug 9, 2025 at 9:05 AM Dag-Erling Smørgrav <des@freebsd.org> wrote:

>
> I found the place in the code that prevents double indirection, in
> sys/kern/imgact_shell.c:
>
>         /*
>          * Don't allow a shell script to be the shell for a shell
>          *      script. :-)
>          */
>         if (imgp->interpreted & IMGACT_SHELL)
>                 return (ENOEXEC);
>
> We could remove this with no ill effects, but I'm not sure we want to.


Loop detection?  Privilege escalation prevention?  I might be entirely
wrong, but the potential hazards seem to outweigh any possibly benefit.

[-- Attachment #2 --]
<div dir="ltr"><div dir="ltr">On Sat, Aug 9, 2025 at 9:05 AM Dag-Erling Smørgrav &lt;<a href="mailto:des@freebsd.org">des@freebsd.org</a>&gt; wrote:</div><div class="gmail_quote gmail_quote_container"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
I found the place in the code that prevents double indirection, in<br>
sys/kern/imgact_shell.c:<br>
<br>
        /*<br>
         * Don&#39;t allow a shell script to be the shell for a shell<br>
         *      script. :-)<br>
         */<br>
        if (imgp-&gt;interpreted &amp; IMGACT_SHELL)<br>
                return (ENOEXEC);<br>
<br>
We could remove this with no ill effects, but I&#39;m not sure we want to.</blockquote><div><br></div><div>Loop detection?  Privilege escalation prevention?  I might be entirely wrong, but the potential hazards seem to outweigh any possibly benefit. </div></div></div>
help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHu1Y73TiEL1vYvBt2_d=tDYKS8L8dGFjfKiwYWMf%2Bw%2BpA5_Qw>