No executables in /tmp

Michael Halcrow mike at halcrow.us
Wed Apr 5 11:57:55 MDT 2006


On Wed, Apr 05, 2006 at 11:08:18AM -0600, Von Fugal wrote:
> * justin gedge [Tue, 28 Mar 2006 at 09:32 -0700]
> > I know the #!/usr/bin/perl along w/ an executable file tells UNIX that 
> > you need to run the /usr/bin/perl executable- is everything else in the 
> > script passed to perl through STDIN, it can't be- there has to be some 
> > other mechanism-
> 
> Basically, the shell sees the #! and turns around and executes:
> <command after #!> <filename>

It's not the shell; it's actually the kernel that does that.

That's why you can assign types directly to scripts and have SE Linux
govern them, without any modification to the shell.

For more enlightenment on the subject, see ``man execve''. Or check
out some of the code and data structures in the kernel source,
indicating that the kernel is cognizant of the fact that there may be
an interpreter involved:

http://lxr.linux.no/source/include/linux/binfmts.h#L23

And a quick test of execve() (which does not involve the shell; it
goes through libc to make the syscall) confirms that you can ask the
kernel to execute a script directly.

Mike  
.___________________________________________________________________.
                         Michael A. Halcrow                          
       Security Software Engineer, IBM Linux Technology Center       
GnuPG Fingerprint: 419C 5B1E 948A FA73 A54C  20F5 DB40 8531 6DCA 8769

When all is said and done, more usually gets said than done. 
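The "quick test of execve()" Mike mentions is not on the page; the following is an added example, not his program. It writes a constructed two-line script, hands it to the kernel with execve(2) with no shell in the picture, and reads back the exit status the kernel-launched /bin/sh produced. It also shows the kernel's refusal when the execute bit is missing (EACCES); the same errno comes back when the file lives on a noexec mount, which is what "no executables in /tmp" turns into at the syscall level. The path ./execve_demo.sh is an assumption for this demo.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Write a constructed two-line script to `path` and force the given mode. */
int write_script(const char *path, mode_t mode) {
    const char body[] = "#!/bin/sh\nexit 42\n";
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, mode);
    if (fd < 0) return -1;
    ssize_t n = write(fd, body, sizeof body - 1);
    close(fd);
    if (chmod(path, mode) < 0) return -1;   /* undo whatever umask stripped */
    return n == (ssize_t)(sizeof body - 1) ? 0 : -1;
}

/* Hand `path` straight to the kernel with execve(2); no shell is consulted.
 * Returns the child's exit status (0..255) if the exec succeeded, or
 * -errno if the kernel refused to exec the file. The CLOEXEC pipe is the
 * standard trick: it only carries bytes when execve fails in the child. */
int exec_script_directly(const char *path) {
    int pfd[2];
    if (pipe(pfd) < 0) return -1;
    fcntl(pfd[1], F_SETFD, FD_CLOEXEC);      /* vanishes on a successful exec */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *argv[] = { (char *)path, NULL };   /* kernel passes this to the interpreter */
        char *envp[] = { NULL };
        close(pfd[0]);
        execve(path, argv, envp);
        int err = errno;                     /* only reached when execve failed */
        if (write(pfd[1], &err, sizeof err) < 0) _exit(126);
        _exit(127);
    }
    close(pfd[1]);
    int err = 0, status = 0;
    ssize_t n = read(pfd[0], &err, sizeof err);   /* 0 bytes => exec succeeded */
    close(pfd[0]);
    waitpid(pid, &status, 0);
    if (n == (ssize_t)sizeof err) return -err;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    const char *p = "./execve_demo.sh";      /* constructed path for this demo */
    write_script(p, 0755);
    printf("executable script: %d\n", exec_script_directly(p));   /* 42 */
    write_script(p, 0644);
    printf("no execute bit:    %d\n", exec_script_directly(p));   /* -13, EACCES */
    unlink(p);
    return 0;
}
```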