#!: security, memory, and demigods

rcd at opus.UUCP rcd at opus.UUCP
Sun Mar 18 16:41:01 AEST 1984


About a week ago, I responded to a question about kernel handling of #!,
opining, among other things, that it shouldn't be done in the kernel.  I
got three sorts of responses, which provide some interesting perspectives:

The largest category pointed out that #! in the kernel makes set{u,g}id
shell scripts possible.  This is right; it makes #! a matter of protection
and hence clearly the business of the kernel.  (Yes, I've wanted a setuid
shell script.  I started to do one once, but that was under V7.  I realized
that it wasn't going to work, solved the problem differently, and filed the
matter away in my brain where it has rusted lo these many years.)

The second category pointed out that the cost in the kernel, xxx bytes, was
not all that much.  It turns out to be on the order of 350 bytes
altogether, for the 4.2 kernel on a VAX.  I think that this line of
reasoning is tenuous - sometimes acceptable, sometimes not, because
kernels, like all code, tend to increase in size monotonically with time
unless somehow constrained.  Therefore, I think it's valid to ask if a
piece of code belongs in the kernel.  Sure, 350 bytes is only a little bit,
but our 1/4 Mb kernel didn't get that way overnight.  (As an aside, some of
the responses underguesstimated the size of the #! code by more than a
factor of 3 - and even my guess is conservative.)

The third category of response is the one that made the least sense - in
fact, it bothers me a lot.  The general tenor is, "Well, that's not
Berkeley code - in fact, Ritchie himself wrote it," and ideas to the effect
of "...if it's good enough for Ritchie, it's good enough for me."  That
kind of reasoning (sic) is counterproductive.  Whether Ritchie wrote the
code or not doesn't matter - if it's wrong, it's wrong; if it's right, it's
right and it doesn't need Ritchie's name to justify it!  We respect Ritchie
and Thompson because they've done an incredible amount of good work and
almost all of (what we see of) it has been right on the money.  But that
doesn't mean that their names on the code make it right, especially to this
newsgroup.  I wonder if Ritchie would justify the code by saying, "I wrote
it, so it's good enough."  I doubt it very much; I'd bet he would give the
first reason above.  So why do others think they need to be Ritchie's
apologists?
-- 
{hao,ucbvax,allegra}!nbires!rcd