Security and set[ug]id shell scripts (how #! works)

Guy Harris guy at rlgvax.UUCP
Fri Jan 18 05:23:27 AEST 1985


> 4.2 does have a mechanism that if the magic number of a file happens to
> correspond to "#!" the kernel then reads for the rest of the line and
> uses that as the program to exec.  The setuid bits get applied to that
> program (not necessarily the shell).  The standard input gets redirected
> to the file (the manual is wrong).

No, the manual is correct.  It says "An interpreter file begins with a
line of the form ``#! interpreter''; when an interpreter file is "execve"d,
the system "execve"s the specified "interpreter", giving it the name of
the originally exec'd file as an argument, shifting over the rest of
the original arguments."

The following interpreter file:

	#! /bin/echo

when named "putz" and run as "putz foo bar", prints "putz foo bar".  The
reason this doesn't confuse a shell script (i.e., that the script

	#! /bin/sh
	echo '$0 =' "$0"
	echo "$@"
	cat >/tmp/stuff

(which reads from the terminal, not from the script file, in the "cat"
command) when called "futz" and run as "futz foo bar" prints "foo bar"
on the second echo line) is that the shell is run as

	/bin/sh futz foo bar

and takes "futz" as the script to run and "foo" and "bar" as the arguments
to pass to it.  The only code in "kern_exec.c" that does anything with
file descriptors is the code that does close-on-exec.

	Guy Harris
	{seismo,ihnp4,allegra}!rlgvax!guy
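
The argument rewrite described in the post above, as an added example that is not part of the original message or of kern_exec.c: a user-space model of how the interpreter's argument list is built from the "#!" line. The function names parse_interp and interp_cmdline are hypothetical, and the sample input is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy the interpreter path from a "#! interpreter"
 * first line into interp. Returns 1 on success, 0 if the line is not of
 * that form or the path does not fit. */
int parse_interp(const char *line, char *interp, size_t cap)
{
    size_t n = 0;

    if (line[0] != '#' || line[1] != '!')
        return 0;
    for (line += 2; *line == ' ' || *line == '\t'; line++)
        ;
    while (*line && !isspace((unsigned char)*line)) {
        if (n + 1 >= cap)
            return 0;           /* too long: refuse rather than truncate */
        interp[n++] = *line++;
    }
    interp[n] = '\0';
    return n > 0;
}

/* Hypothetical helper: write the command line the interpreter is started
 * with into buf: interpreter, the exec'd file's name, then argv[1..] shifted
 * over. Returns the length, or -1 for a non-interpreter file or overflow. */
int interp_cmdline(const char *first_line, const char *path,
                   const char *const argv[], int argc, char *buf, size_t cap)
{
    char interp[64];
    int i, len;

    if (!parse_interp(first_line, interp, sizeof interp))
        return -1;
    len = snprintf(buf, cap, "%s %s", interp, path);
    for (i = 1; i < argc && len >= 0 && (size_t)len < cap; i++)
        len += snprintf(buf + len, cap - len, " %s", argv[i]);
    return (len >= 0 && (size_t)len < cap) ? len : -1;
}

int main(void)
{
    /* Constructed sample: the "futz" script from the post, run as "futz foo bar". */
    const char *argv[] = { "futz", "foo", "bar" };
    char buf[128];

    if (interp_cmdline("#! /bin/sh\n", "futz", argv, 3, buf, sizeof buf) > 0)
        puts(buf);
    return 0;
}
```

The script reaches the interpreter only as a file name in the argument list, so the interpreter opens it itself and its standard input is left alone.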


