Classic Unix Security Problems | 14
Here's another problem with setuid shell scripts
Whenever you execute a file, the kernel reads the first two bytes
It's looking for a magic number that tells it what to do
For example, "load into memory and execute directly"
"Invoke the dynamic loader"
#! means "this is a script"
When the kernel sees #!, it reads the next few bytes
These should contain the path to the appropriate interpreter
The kernel runs the interpreter and hands it the script name as an argument
Suppose foo.pl starts with #!/usr/bin/perl
The kernel executes /usr/bin/perl foo.pl
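
The argv construction described above, as an added example (not from the original slides): `kernel_argv` predicts what the kernel executes for a `#!` file, and `observed_argv` checks that prediction against the real kernel by using `/bin/echo` as the interpreter. The function names, the constructed sample files, and the handling of text after the interpreter path as a single argument (Linux behaviour) are assumptions that are not on the slide.

```python
import os
import subprocess
import tempfile

def kernel_argv(path, user_args=()):
    """Predict the argv the kernel builds when `path` is executed.

    Returns None when the file does not start with the #! magic number.
    """
    with open(path, "rb") as f:
        head = f.read(256)               # only a short prefix is examined
    if head[:2] != b"#!":                # the two-byte magic number
        return None
    line = head[2:].split(b"\n", 1)[0].strip()
    if not line:
        return None                      # "#!" with no interpreter path
    parts = line.split(None, 1)
    argv = [parts[0].decode()]           # path to the interpreter
    if len(parts) == 2:
        # Assumption (Linux behaviour, not stated on the slide): the rest
        # of the line is passed as ONE argument, not split on spaces.
        argv.append(parts[1].decode())
    argv.append(path)                    # the script name, as the slide says
    argv.extend(user_args)
    return argv

def make_script(directory, name, first_line):
    """Write a constructed sample script and mark it executable."""
    path = os.path.join(directory, name)
    with open(path, "w") as f:
        f.write(first_line + "\n# constructed sample body\n")
    os.chmod(path, 0o755)
    return path

def observed_argv(path, user_args=()):
    """Execute a script whose interpreter is /bin/echo, which prints the
    arguments the kernel handed it (everything after argv[0])."""
    out = subprocess.run([path, *user_args], capture_output=True, text=True)
    return out.stdout.rstrip("\n").split(" ")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        foo = make_script(d, "foo.pl", "#!/usr/bin/perl")
        print(kernel_argv(foo))
        probe = make_script(d, "probe", "#!/bin/echo")
        print(kernel_argv(probe, ["x"])[1:], observed_argv(probe, ["x"]))
```

Run directly, the last line prints the predicted and the observed argument lists side by side; they should match.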
Copyright © 2005 M. J. Dominus