From owner-freebsd-questions@FreeBSD.ORG Sun Aug 30 21:36:37 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DEEA41065672 for ; Sun, 30 Aug 2009 21:36:37 +0000 (UTC) (envelope-from perryh@pluto.rain.com) Received: from agora.rdrop.com (unknown [IPv6:2607:f678:1010::34]) by mx1.freebsd.org (Postfix) with ESMTP id B57FC8FC13 for ; Sun, 30 Aug 2009 21:36:37 +0000 (UTC) Received: from agora.rdrop.com (66@localhost [127.0.0.1]) by agora.rdrop.com (8.13.1/8.12.7) with ESMTP id n7ULaaSV031073 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sun, 30 Aug 2009 14:36:37 -0700 (PDT) (envelope-from perryh@pluto.rain.com) Received: (from uucp@localhost) by agora.rdrop.com (8.13.1/8.12.9/Submit) with UUCP id n7ULaaNh031072; Sun, 30 Aug 2009 14:36:36 -0700 (PDT) Received: from fbsd61 by pluto.rain.com (4.1/SMI-4.1-pluto-M2060407) id AA03610; Sun, 30 Aug 09 14:34:16 PDT Date: Sun, 30 Aug 2009 14:37:41 -0700 From: perryh@pluto.rain.com To: m.seaman@infracaninophile.co.uk Message-Id: <4a9af125.80kGkyIjVI185CUD%perryh@pluto.rain.com> References: <87y6p4pbd0.fsf@kobe.laptop> <20090829022431.5841d4de@gumby.homeunix.com> <4A98A8A1.7070305@prgmr.com> <4a98d375.W9fcoTOIN1DqRk/3%perryh@pluto.rain.com> <20090829134436.4461d8c9@gumby.homeunix.com> <4a9a0627.zA4OPJf/w06lQj0a%perryh@pluto.rain.com> <4A9A332F.8070300@infracaninophile.co.uk> In-Reply-To: <4A9A332F.8070300@infracaninophile.co.uk> User-Agent: nail 11.25 7/29/05 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: SUID permission on Bash script X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 30 Aug 2009 21:36:37 -0000 Matthew Seaman wrote: > > It would do no good for the kernel to hand the interpreter an > > open descriptor if the interpreter did not somehow know to read > > the script from that open descriptor instead of opening the > > script file by name. > > Errr -- no. That's what fdescfs(5) is for. When the kernel > execs the interpreter, it tells the script to open /dev/fd/5 (for > example) and doing that just connects the script to the open file > descriptor the kernel used previously to taste the magic number > and the #! line of the script. which -- again absent some special arrangement in the interpreter -- would cause the script to receive $0 as "/dev/fd/5" instead of the actual name of the script, no? I'd expect this to at least break any messages that the script might try to produce via constructs like echo "$0: whatever"