Re: Executable shell scripts

[Stefan Smietanowski]

Douglas McNaught wrote:
> Arjan van de Ven <arjan@xxxxxxxxxxxxx> writes:
> 
> 
>>On Sat, 2006-05-13 at 13:03 +0200, Mark Rosenstand wrote:
> 
> 
>>>bash-3.00$ cat << EOF > test
>>>
>>>>#!/bin/sh
>>>>echo "yay, I'm executing!"
>>>>EOF
>>>
>>>bash-3.00$ chmod 111 test
>>>bash-3.00$ ./test
>>>/bin/sh: ./test: Permission denied
>>
>>is your script readable as well? 111 is just weird/odd.
> 
> 
> It needs to be readable as well.  What ends up happening is that the
> kernel sees the execute bit, looks at the shebang line and then does:
> 
> /bin/sh test
> 
> Since read permission is off, the shell's open() call fails.  It will
> work fine if you use 755 as the permissions.
> 
> Every Unix I've ever seen works this way.  It'd be nice to have
> unreadable executable scripts, but no one's ever done it.

The solution would be to either stick bash in the kernel (YUCK!)
or to have the kernel basically copy the read-only script to /tmp
or somewhere else, set permissions to sane values and
/bin/sh /tmp/foo.a12345.

Now why on earth would one want the kernel to jump all those hoops
instead of just requiring read access on anything with a shebang?

Naturally, bash has to be supplemented by any other gorramn shell
out there and naturally perl and anything at all that can be invoked
using a shebang, since bash doesn't know how to execute perl
and perl doesn't know how to execute shell and .. and .. and...

So either copy it and set sane values or require read-access
on the file.

// Stefan

Attachment: signature.asc
Description: OpenPGP digital signature