> how do you plan to satisfy these requirement without including
> the interpreter in the kernel ?
Simple: The kernel handles the #! hack (and others, see fs/binfmt_misc.c
for instance). So the kernel very well can check the privileges of the
executable, endow _this_ process with them and launch the requested
interpreter. The problem is that there is a race when implemented the
"obvious" way: I could make a symlink to the script, launch the process and
switch the link to another script of mine while the (now privileged)
interpreter loads. This vulnerability is why S[UG]ID scripts normally
aren't allowed. A way around this is to open the script and pass the
interpreter just the opened file descriptor.
-- 
Dr. Horst H. von Brand                  mailto:vonbrand@inf.utfsm.cl
Departamento de Informatica             Fono: +56 32 654431
Universidad Tecnica Federico Santa Maria      +56 32 654239
Casilla 110-V, Valparaiso, Chile        Fax:  +56 32 797513
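
Added example, not part of the original message or of any kernel code: a user-space C sketch of why checking and handing over an already opened descriptor closes the symlink race described above. The temporary directory, the file names and the function names are constructed for illustration, and the `/dev/fd/N` name assumes a system that provides it.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a constructed sample script; returns 0 on success. */
static int make_script(const char *path, const char *body) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0700);
    if (fd < 0) return -1;
    ssize_t n = write(fd, body, strlen(body));
    return (close(fd) == 0 && n == (ssize_t)strlen(body)) ? 0 : -1;
}

/* Returns 1 when, after the link is switched, the descriptor still names the
 * checked file while the path does not; 0 otherwise; -1 on setup error. */
int fd_survives_link_switch(void) {
    char dir[] = "/tmp/suidfd.XXXXXX", a[64], b[64], lnk[64], arg[32];
    struct stat checked, by_fd, by_path;
    if (!mkdtemp(dir)) return -1;
    snprintf(a, sizeof a, "%s/checked.sh", dir);
    snprintf(b, sizeof b, "%s/other.sh", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    if (make_script(a, "#!/bin/sh\necho checked\n") ||
        make_script(b, "#!/bin/sh\necho other\n") || symlink(a, lnk))
        return -1;

    /* Open once; take owner and mode bits from the descriptor, not the path. */
    int fd = open(lnk, O_RDONLY);
    if (fd < 0 || fstat(fd, &checked)) return -1;
    /* What the interpreter would be handed instead of the script's path. */
    snprintf(arg, sizeof arg, "/dev/fd/%d", fd);

    /* The link is switched between the check and the interpreter's read. */
    if (unlink(lnk) || symlink(b, lnk)) return -1;

    if (fstat(fd, &by_fd) || stat(lnk, &by_path)) return -1;
    int fd_ok = by_fd.st_dev == checked.st_dev && by_fd.st_ino == checked.st_ino;
    int path_ok = by_path.st_dev == checked.st_dev && by_path.st_ino == checked.st_ino;
    printf("%s still checked file: %d; path still checked file: %d\n", arg, fd_ok, path_ok);

    close(fd); unlink(lnk); unlink(a); unlink(b); rmdir(dir);
    return fd_ok && !path_ok;
}

int main(void) { return fd_survives_link_switch() == 1 ? 0 : 1; }
```

The descriptor keeps referring to the inode that was checked, so an interpreter reading from it cannot be redirected by a later change to the path.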