Date: Sun, 30 Aug 2009 14:37:41 -0700 From: perryh@pluto.rain.com To: m.seaman@infracaninophile.co.uk Cc: freebsd-questions@freebsd.org Subject: Re: SUID permission on Bash script Message-ID: <4a9af125.80kGkyIjVI185CUD%perryh@pluto.rain.com> In-Reply-To: <4A9A332F.8070300@infracaninophile.co.uk> References: <beaf3aa50908280124pbd2c760v8d51eb4ae965dedc@mail.gmail.com> <87y6p4pbd0.fsf@kobe.laptop> <20090829022431.5841d4de@gumby.homeunix.com> <4A98A8A1.7070305@prgmr.com> <4a98d375.W9fcoTOIN1DqRk/3%perryh@pluto.rain.com> <20090829134436.4461d8c9@gumby.homeunix.com> <4a9a0627.zA4OPJf/w06lQj0a%perryh@pluto.rain.com> <4A9A332F.8070300@infracaninophile.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
Matthew Seaman <m.seaman@infracaninophile.co.uk> wrote: > > It would do no good for the kernel to hand the interpreter an > > open descriptor if the interpreter did not somehow know to read > > the script from that open descriptor instead of opening the > > script file by name. > > Errr -- no. That's what fdescfs(5) is for. When the kernel > execs the interpreter, it tells the script to open /dev/fd/5 (for > example) and doing that just connects the script to the open file > descriptor the kernel used previously to taste the magic number > and the #! line of the script. which -- again absent some special arrangement in the interpreter -- would cause the script to receive $0 as "/dev/fd/5" instead of the actual name of the script, no? I'd expect this to at least break any messages that the script might try to produce via constructs like echo "$0: whatever"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4a9af125.80kGkyIjVI185CUD%perryh>