Re: Executable shell scripts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, May 13, 2006 at 09:37:45PM +1000, Neil Brown wrote:
> On Saturday May 13, [email protected] wrote:
> > > 
> > > Every Unix I've ever seen works this way.  It'd be nice to have
> > > unreadable executable scripts, but no one's ever done it.
> > 
> > The solution would be to either stick bash in the kernel (YUCK!)
> > or to have the kernel basically copy the read-only script to /tmp
> > or somewhere else, set permissions to sane values and
> > /bin/sh /tmp/foo.a12345.
> 
> ... or open the script file (which there kernel has to do anyway),
> attach it to some unused fd (e.g. fd3) and pass  "/dev/fd/3" to the
> interpreter rather than "/the/shell/script".
> 
> Then the interpreter doesn't need to be able to open the file for
> read.

Not exactly, because people who would like to set their scripts to 111
will also set the shell to 111, which makes the process non-dumpable,
with /dev/fd/3 unreachable (it's a link to /proc/self/fd).

> However it isn't clear that this is really a gain, as the person
> running the script could use ptrace or similar to take a copy of the
> script, the bypassing the missing 'r' permission.
> 
> Mind you, with ptrace, it isn't too hard to get a copy of a normal
> executable that is mode '111'....
> 
> The whole concept of having files that are executable but not readable
> is completely broken - it gives the appearance of protection without
> the reality.
> 
> NeilBrown

Cheers,
Willy

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux