From: Willy Tarreau <willy@w.ods.org>
To: Neil Brown <neilb@suse.de>
Cc: Stefan Smietanowski <stesmi@stesmi.com>,
Douglas McNaught <doug@mcnaught.org>,
Arjan van de Ven <arjan@infradead.org>,
Mark Rosenstand <mark@borkware.net>,
linux-kernel@vger.kernel.org
Subject: Re: Executable shell scripts
Date: Sat, 13 May 2006 14:45:26 +0200 [thread overview]
Message-ID: <20060513124526.GJ11191@w.ods.org> (raw)
In-Reply-To: <17509.50441.790871.230011@cse.unsw.edu.au>
On Sat, May 13, 2006 at 09:37:45PM +1000, Neil Brown wrote:
> On Saturday May 13, stesmi@stesmi.com wrote:
> > >
> > > Every Unix I've ever seen works this way. It'd be nice to have
> > > unreadable executable scripts, but no one's ever done it.
> >
> > The solution would be to either stick bash in the kernel (YUCK!)
> > or to have the kernel basically copy the read-only script to /tmp
> > or somewhere else, set permissions to sane values and
> > /bin/sh /tmp/foo.a12345.
>
> ... or open the script file (which there kernel has to do anyway),
> attach it to some unused fd (e.g. fd3) and pass "/dev/fd/3" to the
> interpreter rather than "/the/shell/script".
>
> Then the interpreter doesn't need to be able to open the file for
> read.
Not exactly, because people who would like to set their scripts to 111
will also set the shell to 111, which makes the process non-dumpable,
with /dev/fd/3 unreachable (it's a link to /proc/self/fd).
> However it isn't clear that this is really a gain, as the person
> running the script could use ptrace or similar to take a copy of the
> script, the bypassing the missing 'r' permission.
>
> Mind you, with ptrace, it isn't too hard to get a copy of a normal
> executable that is mode '111'....
>
> The whole concept of having files that are executable but not readable
> is completely broken - it gives the appearance of protection without
> the reality.
>
> NeilBrown
Cheers,
Willy
next prev parent reply other threads:[~2006-05-13 12:46 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-05-13 10:38 Executable shell scripts Mark Rosenstand
2006-05-13 10:56 ` Arjan van de Ven
2006-05-13 11:03 ` Mark Rosenstand
2006-05-13 11:07 ` Arjan van de Ven
2006-05-13 11:17 ` Mark Rosenstand
2006-05-13 11:18 ` Willy Tarreau
2006-05-13 11:19 ` Douglas McNaught
2006-05-13 11:27 ` Mark Rosenstand
2006-05-13 11:37 ` Joel Jaeggli
2006-05-13 12:59 ` Theodore Tso
2006-05-13 13:18 ` Mark Rosenstand
2006-05-13 22:42 ` Neil Brown
2006-05-13 11:28 ` Stefan Smietanowski
2006-05-13 11:37 ` Neil Brown
2006-05-13 12:45 ` Willy Tarreau [this message]
2006-05-13 14:00 ` Arjan van de Ven
2006-05-13 20:52 ` Douglas McNaught
2006-05-13 11:16 ` J.A. Magallón
2006-05-13 11:22 ` Bernd Petrovitsch
2006-05-13 11:45 ` Mark Rosenstand
2006-05-13 11:56 ` Bernd Petrovitsch
2006-05-13 12:23 ` Mark Rosenstand
2006-05-13 12:58 ` Willy Tarreau
2006-05-13 18:55 ` Bernd Petrovitsch
2006-05-13 11:23 ` CaT
2006-05-13 11:00 ` Willy Tarreau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060513124526.GJ11191@w.ods.org \
--to=willy@w.ods.org \
--cc=arjan@infradead.org \
--cc=doug@mcnaught.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark@borkware.net \
--cc=neilb@suse.de \
--cc=stesmi@stesmi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.