Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932386AbWEMLiW (ORCPT ); Sat, 13 May 2006 07:38:22 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S932391AbWEMLiW (ORCPT ); Sat, 13 May 2006 07:38:22 -0400 Received: from cantor2.suse.de ([195.135.220.15]:10898 "EHLO mx2.suse.de") by vger.kernel.org with ESMTP id S932386AbWEMLiV (ORCPT ); Sat, 13 May 2006 07:38:21 -0400 From: Neil Brown To: Stefan Smietanowski Date: Sat, 13 May 2006 21:37:45 +1000 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <17509.50441.790871.230011@cse.unsw.edu.au> Cc: Douglas McNaught , Arjan van de Ven , Mark Rosenstand , linux-kernel@vger.kernel.org Subject: Re: Executable shell scripts In-Reply-To: message from Stefan Smietanowski on Saturday May 13 References: <20060513103841.B6683146AF@hunin.borkware.net> <1147517786.3217.0.camel@laptopd505.fenrus.org> <20060513110324.10A38146AF@hunin.borkware.net> <1147518432.3217.2.camel@laptopd505.fenrus.org> <87r72yi346.fsf@suzuka.mcnaught.org> <4465C2E8.8070106@stesmi.com> X-Mailer: VM 7.19 under Emacs 21.4.1 X-face: v[Gw_3E*Gng}4rRrKRYotwlE?.2|**#s9D > > > Every Unix I've ever seen works this way. It'd be nice to have > > unreadable executable scripts, but no one's ever done it. > > The solution would be to either stick bash in the kernel (YUCK!) > or to have the kernel basically copy the read-only script to /tmp > or somewhere else, set permissions to sane values and > /bin/sh /tmp/foo.a12345. ... or open the script file (which there kernel has to do anyway), attach it to some unused fd (e.g. fd3) and pass "/dev/fd/3" to the interpreter rather than "/the/shell/script". Then the interpreter doesn't need to be able to open the file for read. However it isn't clear that this is really a gain, as the person running the script could use ptrace or similar to take a copy of the script, the bypassing the missing 'r' permission. Mind you, with ptrace, it isn't too hard to get a copy of a normal executable that is mode '111'.... The whole concept of having files that are executable but not readable is completely broken - it gives the appearance of protection without the reality. NeilBrown - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/