Re: Executable shell scripts

From: Neil Brown
Date: Sat May 13 2006 - 07:44:45 EST


On Saturday May 13, stesmi@xxxxxxxxxx wrote:
> >
> > Every Unix I've ever seen works this way. It'd be nice to have
> > unreadable executable scripts, but no one's ever done it.
>
> The solution would be to either stick bash in the kernel (YUCK!)
> or to have the kernel basically copy the read-only script to /tmp
> or somewhere else, set permissions to sane values and
> /bin/sh /tmp/foo.a12345.

... or open the script file (which there kernel has to do anyway),
attach it to some unused fd (e.g. fd3) and pass "/dev/fd/3" to the
interpreter rather than "/the/shell/script".

Then the interpreter doesn't need to be able to open the file for
read.

However it isn't clear that this is really a gain, as the person
running the script could use ptrace or similar to take a copy of the
script, the bypassing the missing 'r' permission.

Mind you, with ptrace, it isn't too hard to get a copy of a normal
executable that is mode '111'....

The whole concept of having files that are executable but not readable
is completely broken - it gives the appearance of protection without
the reality.

NeilBrown
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/