Weird things in csh (and kernel?)

Ian Donaldson rcodi at yabbie.rmit.oz
Wed Mar 2 18:29:50 AEST 1988


In article <1193 at ark.cs.vu.nl>, maart at cs.vu.nl (Maarten Litmaath) writes:
> 	% a.out < a.out
> 	a.out: Text file busy.

You didn't say which system.

Yep, it's a kernel bug in some pre 4.[23]bsd systems.  Exec processing
only checks for open files rather than files open for writing when
determining if the file is busy.

It's also a -big- security bug in such systems that leave most system binaries
publicly readable.  The workaround is to -not- make such binaries publicly
readable.  Simple.

ie: 

chmod o-r `file /bin/* /usr/bin/* /usr/ucb/* |egrep "demand|pure" |cut -d: -f1`

(this won't work right if your binaries are OMAGIC types, in which case you
will probably need to do it by hand, since grepping for the word "executable"
might discover shellscripts too)
 
> Why shouldn't a process be able to read its text file?
> 2)
> 	% cat ~/.cshrc
> 	echo echo hello
> 	% cp /bin/echo .
> 	% ./echo > echo
> 	hello: Command not found.
> 	% cat echo
> 	echo hello
> 	hello
> 	%
> 
> What kinda weird thing is going on here?

You are paving the road before you tread on it.

I'll elaborate:

> 	% cp /bin/echo .
	
	Creates a binary "./echo".  Fine.

> 	% ./echo > echo

	First clobbers "./echo" then csh tries to execute it with stdout
	sent to it.  execv() fails because the kernel sees an empty file, 
	so csh tries to execute it as a script.

	Since a new csh is started up to execute it, it reads your ".cshrc"
	and executes that first.  The first line says "echo echo hello"
	and since "echo" is a csh builtin, it echoes the words "echo hello"
	to stdout, which gets written onto "./echo".  Csh then finishes
	executing your ".cshrc" and then executes "./echo", seeing
	the words "echo hello".  Again it is a builtin, so the word
	"hello" gets written to stdout ("./echo").  Csh then reads
	the next line of "./echo" which is "hello".  Obviously not
	a known command so it complains to stdout (the terminal).
	It then runs out of things to do and stops.

	A great puzzle!
	
> Shouldn't there be an error message "Text file busy."
> in this case?

Nope.  You clobbered "./echo" before executing it.  There is no text
there anymore.

Ian D
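The ordering the post describes (the shell opens and truncates the ">" target before it calls exec) is easy to observe directly. The script below is an added example, not code from the original thread; it assumes a POSIX sh with mktemp, wc and a /bin/echo (or /usr/bin/echo) binary to copy, and the function names are made up for the illustration. Note that on a current Linux or BSD kernel the exec step itself is refused with "Text file busy", because the file is open for writing at the instant execve() runs; the file is already empty either way, so the demo reports the byte counts and the exit status rather than assuming what the kernel does next. A second function shows the usual safe pattern of writing to a temporary name and renaming over the original only after the command has finished.

```shell
#!/bin/sh
# Added example: demonstrate that "cmd > file" truncates file BEFORE cmd
# is exec()ed, so "./echo > echo" runs (or fails to run) an empty file.
# Assumes POSIX sh, mktemp, wc, and an echo binary under /bin or /usr/bin.

# Path of a small real binary to copy (assumption: /bin/echo exists;
# fall back to /usr/bin/echo on merged-/usr systems).
echo_binary() {
    if [ -x /bin/echo ]; then echo /bin/echo; else echo /usr/bin/echo; fi
}

# Byte size of a file, with the leading blanks some wc implementations print
# stripped off so the value can be compared numerically.
file_size() {
    wc -c < "$1" | tr -d ' '
}

# Prints "<bytes before> <bytes after> <exit status>" for "./echo hello > echo".
# The redirection is set up first, so ./echo is 0 bytes when exec() runs;
# a 1988 csh would then run the empty file as a script, a modern kernel
# refuses the exec with ETXTBSY.  Either way the binary is gone.
clobber_demo() {
    dir=$(mktemp -d) || return 1
    cp "$(echo_binary)" "$dir/echo"
    before=$(file_size "$dir/echo")
    status=0
    ( cd "$dir" && ./echo hello > echo ) 2>/dev/null || status=$?
    after=$(file_size "$dir/echo")
    rm -rf "$dir"
    echo "$before $after $status"
}

# Safe variant: write the output to a temporary name and rename it over the
# original only after the command has exited, so the program being run is
# never truncated underneath itself.  Prints "<file contents> <exit status>".
safe_demo() {
    dir=$(mktemp -d) || return 1
    cp "$(echo_binary)" "$dir/echo"
    status=0
    ( cd "$dir" && ./echo hello > echo.tmp && mv echo.tmp echo ) || status=$?
    content=$(cat "$dir/echo")
    rm -rf "$dir"
    echo "$content $status"
}

clobber_demo
safe_demo
```

Running it prints two lines: the first shows a non-zero size before, 0 bytes after, and whatever exit status the shell returned for the empty file; the second shows "hello 0", the output of the copied binary having replaced it cleanly.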
